Abstract


Relational interpretations of type systems are useful for establishing properties of programming languages. For languages with recursive types it is usually difficult to establish the existence of a relational interpretation. The usual approach is to give a denotational semantics of the language in a domain-theoretic model given by an inverse limit construction, and to construct relations over the model by a similar inverse limit construction. However, in passing to a denotational semantics we incur the obligation to prove its adequacy with respect to the operational semantics of the language, which is itself often proved using a relational interpretation of types! In this paper we investigate the construction of relational interpretations of recursive types in a purely operational setting, drawing on recent ideas from domain theory and operational semantics as a guide. We establish a syntactic minimal invariance property for an ML-like language with a recursive type that is a syntactic analogue of Freyd’s universal characterization of the canonical solution of a domain equation. As Pitts has shown in the setting of domains, minimal invariance suffices to establish the existence of relational interpretations of recursive types. We give two applications of this construction. First, we derive a notion of logical equivalence for expressions of the language that we show coincides with contextual equivalence and which, by virtue of its construction, validates useful induction and coinduction principles for reasoning about the recursive type. Second, we give a relational proof of correctness of the continuation-passing transformation, which is used in some compilers for functional languages. The proof relies on the construction of a family of simulation relations whose existence follows from syntactic minimal invariance.
1 Introduction


The interpretation of types by relations is a fundamental technique in the study of type systems (see, for example, Mitchell’s survey [14] and monograph [15] for examples and references to the literature). The general idea is to associate to each type a relation over a suitable value space in such a way that well-typed terms are related appropriately by the interpretation. In many cases the existence of a relational interpretation is established by induction on the structure of types, but in more complex languages with impredicative polymorphism or (not necessarily positive) recursive types, more sophisticated methods are required.

In the case of impredicative polymorphism the method of candidates introduced by Girard [8] may be used to construct a relational interpretation. For recursive types the usual approach is to pass to a domain-theoretic model of the language and to exploit the structure of the model to build the required system of relations. In practice the model (such as Scott’s $D_\infty$) is obtained as the inverse limit of a system of domains, and the required relational interpretation is obtained by exploiting the structure of the model arising from this construction.

The denotational approach has been successfully used for a number of problems, including Reynolds’ proof of correctness of the continuation-passing transformation used in some compilers for functional languages [20]. A disadvantage of this approach is that one must also prove the correctness (adequacy) of the denotational semantics of the language, which is itself often established using a relational interpretation of types [19, 17]! Moreover, since the construction is carried out for a specific model of the language, it is not clear a priori to what extent the specific model affects the result.

The latter question was recently addressed by Pitts [17] who showed that Freyd’s universal characterization of the solution of a domain equation by the minimal invariant property [6, 5, 7] is sufficient to validate the construction of a wide class of relational interpretations of recursive types. The starting point for the present work is the observation that for a sufficiently rich language with recursive functions and recursive types the minimal invariance property of the model is expressible entirely in terms of the language itself by an equation stating that a particular recursively-defined function is denotationally equivalent to the identity function on the recursive type. This opens the door to the construction of relational interpretations without the passage to a denotational semantics. The key is to establish the minimal invariance property up to contextual, rather than denotational, equivalence. With this syntactic minimal invariance property in hand we may exploit Pitts’s results to construct relational interpretations over contextual equivalence classes of expressions entirely at the level of the language itself.

Since contextual equivalence is a congruence, it induces a compositional interpretation that may be seen as a form of denotational semantics, albeit one that is adequate by construction. This suggests that our approach may be seen as a particular instance of the standard construction. However, as Mason, Smith, and Talcott have shown [11], the interpretation induced by taking contextual equivalence classes does not yield a domain in the conventional sense since, for example, not all chains have least upper bounds. Thus the operational approach to interpreting recursive types as relations differs fundamentally from the denotational method.

We study the construction of relational interpretations for an ML-like language, $\mathcal{L}$, with recursive functions and one recursive type. The operational semantics of the language specifies a call-by-value, or “eager”, evaluation strategy, as in Standard ML [13]. We make no restrictions on the occurrence of the recursively-defined type in its definition — both positive and negative occurrences are permitted.

The proof of syntactic minimal invariance for $\mathcal{L}$ relies on a characterization of contextual equivalence given by Mason, Smith, and Talcott [11], called experimental equivalence. The primary interest in this notion of equivalence is that it coincides with contextual equivalence and supports a relatively straightforward proof of syntactic minimal invariance. Other, equivalent, characterizations are also available, but these do not appear to significantly simplify the argument.

We give two examples of the use of relational interpretations to analyze properties of the language $\mathcal{L}$. First, we derive another characterization of contextual equivalence, called logical equivalence, that validates induction and coinduction principles for reasoning about values of the recursive type. We illustrate the use of logical equivalence with two small examples based on similar examples given by Pitts [16]. Second, we give a relational proof of correctness of the continuation-passing (cps) transform introduced by Fischer [4] and Plotkin [18] and studied by Reynolds [20]. The proof relies on the construction of a relational interpretation of $\mathcal{L}$ that establishes a correspondence between the evaluation of a program and its continuation-passing transform. This generalizes Reynolds’ result [20] to the case of a typed language with an arbitrary recursive type, while avoiding the need to consider a denotational semantics for $\mathcal{L}$.

This paper is organized as follows. In Section 2 we define the syntax of the language $\mathcal{L}$, define the operational semantics and show some standard typing properties, including type soundness. Then in Section 3 we define the notion of experimental equivalence, with which we shall be working in the remainder of the paper. The main result of this section is the proof of syntactic minimal invariance based on a technique introduced by Mason, Talcott, and Smith [11]. In Section 4 we define a universe of admissible relations over contextual equivalence classes of closed expressions. We also define relational operators corresponding to the type constructors of the language and show that they preserve admissibility. The relational constructors are used in Section 5 where we construct a relational interpretation of types using the method described above. In Section 6 we show how to use our method to give a relational interpretation which coincides with contextual equivalence. In Section 7 we apply the method to give a proof of correctness of the cps transformation. Finally, in Section 8 we discuss related work, and in Section 9 we conclude.

2  The  Language 

The language, $\mathcal{L}$, is a simply-typed fragment of ML with one top-level recursive type. We let $x$ and $f$ range over a set $\mathrm{Var}$ of program variables. The syntax of the language is given by the following grammar:


Types

$\tau ::= 0 \mid 1 \mid \tau_1 + \tau_2 \mid \tau_1 \times \tau_2 \mid \tau_1 \to \tau_2 \mid \rho$

Expressions

$e ::= x \mid v \mid \mathrm{in}\ e \mid \mathrm{out}\ e \mid \mathrm{inl}_\tau\ e \mid \mathrm{inr}_\tau\ e \mid \mathrm{case}(e_1, e_2, e_3) \mid (e_1, e_2) \mid \mathrm{fst}\ e \mid \mathrm{snd}\ e \mid e_1\ e_2$

Values

$v ::= * \mid \mathrm{in}\ v \mid \mathrm{inl}_\tau\ v \mid \mathrm{inr}_\tau\ v \mid (v_1, v_2) \mid \mathrm{fix}\ f(x{:}\tau).e$

Evaluation Contexts

$E ::= \_ \mid \mathrm{in}\ E \mid \mathrm{out}\ E \mid \mathrm{inl}_\tau\ E \mid \mathrm{inr}_\tau\ E \mid \mathrm{case}(E, e, e') \mid (E, e) \mid (v, E) \mid \mathrm{fst}\ E \mid \mathrm{snd}\ E \mid E\ e \mid v\ E$

The $\mathcal{L}$ raw terms are given by the syntax trees generated by the grammar above, with $e$ as start symbol, modulo $\alpha$-equivalence, as usual. Alpha-equivalence is denoted $=_\alpha$. Observe that $\rho$ is a type constant. Distinguish a fixed type expression $\tau_\rho$, the intuition being that $\rho$ is a recursive type isomorphic to $\tau_\rho$; $\mathrm{in}$ and $\mathrm{out}$ are used to mediate the isomorphism.

A finite map is a map with finite domain. We use $\emptyset$ to denote the map whose domain is the empty set. The domain and range of a finite map $f$ are denoted $\mathrm{Dom}(f)$ and $\mathrm{Rng}(f)$, respectively. When $f$ and $g$ are finite maps, $f + g$ is the finite map whose domain is $\mathrm{Dom}(f) \cup \mathrm{Dom}(g)$ and whose value is $g(x)$, if $x \in \mathrm{Dom}(g)$, and $f(x)$ otherwise. $f \downarrow A$ means the restriction of $f$ to $A$, and $f \setminus A$ means $f$ restricted to the complement of $A$. We use $[x_1 : y_1, \ldots, x_n : y_n]$ to denote the finite map which maps $x_i$ to $y_i$, for all $1 \leq i \leq n$.

We denote the set of all types by $\mathrm{Type}$. A typing context is a finite map from variables to types; we use $\Gamma$ to range over typing contexts. If $x \notin \mathrm{Dom}(\Gamma)$, then $\Gamma[x : \tau]$ denotes the typing context $\Gamma + [x : \tau]$. A typing judgment has the form $\Gamma \vdash e : \tau$. The typing rules are given in Figure 1. We write $\vdash e : \tau$ for $\emptyset \vdash e : \tau$. The $\mathcal{L}$ terms are the raw terms $e$ for which there exist a typing context $\Gamma$ and a type $\tau$ such that $\Gamma \vdash e : \tau$.

Note that, even though there is no explicit introduction rule for the type $0$, there are terms of this type, for instance $(\mathrm{fix}\ f(x{:}1).f\ x)\ *$.

The set of expressions of type $\tau$ with free variables given types by $\Gamma$, denoted $\mathrm{Exp}_\tau(\Gamma)$, is defined as follows.

$\mathrm{Exp}_\tau(\Gamma) \stackrel{\mathrm{def}}{=} \{ e \mid \Gamma \vdash e : \tau \}$

Further define

$\mathrm{Exp}_\tau \stackrel{\mathrm{def}}{=} \mathrm{Exp}_\tau(\emptyset)$

Likewise, we define sets for values as follows.

$\mathrm{Val}_\tau(\Gamma) \stackrel{\mathrm{def}}{=} \{ v \mid \Gamma \vdash v : \tau \}$

and

$\mathrm{Val}_\tau \stackrel{\mathrm{def}}{=} \mathrm{Val}_\tau(\emptyset)$

Substitution of an expression $e'$ for free occurrences of $x$ in $e$ is written $[e'/x]e$. The parallel substitution of $e_1, \ldots, e_n$ for $x_1, \ldots, x_n$ in $e$ is written $[e_1, \ldots, e_n / x_1, \ldots, x_n]e$. We let $\mathrm{FV}(e)$ denote the set of free variables in $e$. We use $\lambda x{:}\tau.e$ as an abbreviation for $\mathrm{fix}\ f(x{:}\tau).e$ where $f$ is some variable satisfying $f \notin \mathrm{FV}(e)$.

2.1  Contexts 

The $\mathcal{L}$ contexts, ranged over by $C$, are the syntax trees generated by the grammar for $e$ augmented by the clause

$C ::= \cdots \mid p$

where $p$ ranges over some fixed set of parameters. Note that the syntax trees of $\mathcal{L}$ terms are contexts, namely the ones with no occurrence of parameters. $[C/p]C'$ denotes the context obtained from context $C'$ by replacing all occurrences of $p$ in $C'$ with $C$. This may involve capture of variables.
$\Gamma \vdash x : \tau \quad (\Gamma(x) = \tau)$ (t-var)

$\Gamma \vdash * : 1$ (t-one)

$\dfrac{\Gamma \vdash e_1 : \tau_1 \qquad \Gamma \vdash e_2 : \tau_2}{\Gamma \vdash (e_1, e_2) : \tau_1 \times \tau_2}$ (t-prod)

$\dfrac{\Gamma \vdash e : \tau_1 \times \tau_2}{\Gamma \vdash \mathrm{fst}\ e : \tau_1}$ (t-fst)

$\dfrac{\Gamma \vdash e : \tau_1 \times \tau_2}{\Gamma \vdash \mathrm{snd}\ e : \tau_2}$ (t-snd)

$\dfrac{\Gamma \vdash e : \tau_1}{\Gamma \vdash \mathrm{inl}_{\tau_2}\ e : \tau_1 + \tau_2}$ (t-inl)

$\dfrac{\Gamma \vdash e : \tau_2}{\Gamma \vdash \mathrm{inr}_{\tau_1}\ e : \tau_1 + \tau_2}$ (t-inr)

$\dfrac{\Gamma \vdash e_1 : \tau_1 + \tau_2 \qquad \Gamma \vdash e_2 : \tau_1 \to \tau \qquad \Gamma \vdash e_3 : \tau_2 \to \tau}{\Gamma \vdash \mathrm{case}(e_1, e_2, e_3) : \tau}$ (t-case)

$\dfrac{\Gamma[f : \tau_1 \to \tau_2][x : \tau_1] \vdash e : \tau_2 \quad (f \notin \mathrm{Dom}(\Gamma))}{\Gamma \vdash \mathrm{fix}\ f(x{:}\tau_1).e : \tau_1 \to \tau_2}$ (t-fix)

$\dfrac{\Gamma \vdash e_1 : \tau_2 \to \tau \qquad \Gamma \vdash e_2 : \tau_2}{\Gamma \vdash e_1\ e_2 : \tau}$ (t-app)

$\dfrac{\Gamma \vdash e : \rho}{\Gamma \vdash \mathrm{out}\ e : \tau_\rho}$ (t-out)

$\dfrac{\Gamma \vdash e : \tau_\rho}{\Gamma \vdash \mathrm{in}\ e : \rho}$ (t-in)

Figure 1: Typing Rules
Lemma 2.1 If $C_1 =_\alpha C_2$ then $[C_1/p]C' =_\alpha [C_2/p]C'$.

Proof By induction on $C'$. □

By Lemma 2.1, the operation of substituting for a parameter in a context induces a well-defined operation on $\alpha$-equivalence classes of $\mathcal{L}$ contexts.

Notation 2.2 Most of the time we will only use contexts involving a single parameter which we will write as $\_$. We write $C\{\_\}$ to indicate that $C$ is a context containing no parameters other than $\_$ (note that it may contain no parameters at all). If $e$ is an $\mathcal{L}$ term, then $C\{e\}$ denotes the raw term resulting from choosing a representative syntax tree for $e$, substituting it for the parameter in $C$ and forming the $\alpha$-equivalence class of the resulting $\mathcal{L}$ syntax tree (which by the remarks above is independent of the choice of representative for $e$).

2.2  Typed  Contexts 

We will assume given a function that assigns types to parameters. We write ${\_}_\tau$ to indicate that a parameter $\_$ has type $\tau$.

The relation $\Gamma \vdash C : \tau$ is inductively generated by axioms and rules just like those defining $\Gamma \vdash e : \tau$ together with the following axiom for parameters.

$\Gamma \vdash {\_}_\tau : \tau$ (t-par)

The set of contexts of type $\tau$ with free variables given types by $\Gamma$, denoted $\mathrm{Ctx}_\tau(\Gamma)$, is defined as follows.

$\mathrm{Ctx}_\tau(\Gamma) \stackrel{\mathrm{def}}{=} \{ C \mid \Gamma \vdash C : \tau \}$

$\mathrm{Ctx}_\tau \stackrel{\mathrm{def}}{=} \mathrm{Ctx}_\tau(\emptyset)$


2.3  Evaluation 

The operational semantics will be given by term rewriting and will be defined for all closed terms (not only those of ground type).

The set of evaluation contexts are the syntax trees generated by the grammar for $E$. Note that this is clearly a subset of the set of contexts (with parameters including $\_$). Hence we shall use the notation associated with contexts for evaluation contexts also. In addition, we define

$\mathrm{ECtx}_\tau(\Gamma) \stackrel{\mathrm{def}}{=} \{ E \mid \Gamma \vdash E : \tau \}$

and

$\mathrm{ECtx}_\tau \stackrel{\mathrm{def}}{=} \mathrm{ECtx}_\tau(\emptyset)$

Note that evaluation contexts are not capturing. Hence we have the following lemma.

Lemma 2.3 For all $e \in \mathrm{Exp}_\tau$ and for all $E\{{\_}_\tau\} \in \mathrm{ECtx}_{\tau'}$, $E\{e\} = [e/x]E\{x\}$.

Proof By induction on $E$. □

Redices are generated by the following grammar.

Redices

$r ::= (\mathrm{fix}\ f(x{:}\tau).e)\ v \mid \mathrm{fst}\ (v_1, v_2) \mid \mathrm{snd}\ (v_1, v_2) \mid \mathrm{out}\ (\mathrm{in}\ v) \mid \mathrm{case}(\mathrm{inl}_\tau\ v, e_1, e_2) \mid \mathrm{case}(\mathrm{inr}_\tau\ v, e_1, e_2)$

Note that the set of redices is a subset of the set of expressions. We define

$\mathrm{Rexp}_\tau(\Gamma) \stackrel{\mathrm{def}}{=} \{ r \mid \Gamma \vdash r : \tau \}$

and

$\mathrm{Rexp}_\tau \stackrel{\mathrm{def}}{=} \mathrm{Rexp}_\tau(\emptyset)$

Lemma 2.4 For all $e \in \mathrm{Exp}_\tau \setminus \mathrm{Val}_\tau$, there exists a unique pair of evaluation context, $E$, and redex, $r$, such that $e = E\{r\}$.

Proof By induction on $e$. □


The reduction rules for redices are as follows.

$(\mathrm{fix}\ f(x{:}\tau).e)\ v \leadsto [\mathrm{fix}\ f(x{:}\tau).e, v / f, x]e$ (r-beta)

$\mathrm{fst}\ (v_1, v_2) \leadsto v_1$ (r-fst)

$\mathrm{snd}\ (v_1, v_2) \leadsto v_2$ (r-snd)

$\mathrm{out}\ (\mathrm{in}\ v) \leadsto v$ (r-out)

$\mathrm{case}(\mathrm{inl}_\tau\ v, e_1, e_2) \leadsto e_1\ v$ (r-case-inl)

$\mathrm{case}(\mathrm{inr}_\tau\ v, e_1, e_2) \leadsto e_2\ v$ (r-case-inr)

Further, we define, for closed expressions $e$ and $e'$, $e \mapsto e'$ if and only if $e = E\{r\}$ and $e' = E\{e_1\}$ and $r \leadsto e_1$.

Definition 2.5 The reflexive and transitive closure of $\mapsto$ is denoted $\mapsto^*$. For $n \geq 0$, we define $e \mapsto^n e'$ iff $e = e_0 \mapsto e_1 \mapsto \cdots \mapsto e_{n-1} \mapsto e_n = e'$. Further, we write $e \Uparrow$ iff whenever $e \mapsto^* e'$, there exists an $e''$ such that $e' \mapsto e''$. Finally, we write $e \Downarrow$ iff there exists a $v$ such that $e \mapsto^* v$.
Note that evaluation is only defined for closed expressions and that during evaluation we will only ever substitute closed values for variables.

Lemma 2.6 (Evaluation is deterministic) If $e \mapsto e'$ and $e \mapsto e''$, then $e' = e''$.

Proof Follows by Lemma 2.4. □

Lemma 2.7 1. For all $\tau$ and all $v \in \mathrm{Val}_\tau$: $v \not\mapsto$.

2. For all $e \in \mathrm{Exp}_\tau$, if $e \mapsto e'$, then $e \in \mathrm{Exp}_\tau \setminus \mathrm{Val}_\tau$.

Lemma 2.8 For all $E\{{\_}_{\tau_1}\} \in \mathrm{ECtx}_{\tau_2}$, and for all $e \in \mathrm{Exp}_{\tau_1} \setminus \mathrm{Val}_{\tau_1}$, if $E\{e\} \mapsto E\{e'\}$, then there exist $E_1\{{\_}_{\tau_3}\} \in \mathrm{ECtx}_{\tau_1}$ and $r \in \mathrm{Rexp}_{\tau_3}$ and $e_1 \in \mathrm{Exp}_{\tau_3}$ such that $e = E_1\{r\}$ and $e' = E_1\{e_1\}$ and $r \leadsto e_1$.

Lemma 2.9 1. If $\Gamma[x : \tau] \vdash e : \tau'$ and $\Gamma \vdash e' : \tau$, then $\Gamma \vdash [e'/x]e : \tau'$.

2. If $\vdash E\{e\} : \tau$ then there exists a $\tau_e$ such that $\vdash e : \tau_e$ and $\vdash E\{e'\} : \tau$ for all $e'$ such that $\vdash e' : \tau_e$.

Theorem 2.10 (Preservation) If $e \mapsto e'$ and $\vdash e : \tau$, then $\vdash e' : \tau$.

Proof By the definition of the evaluation relation and Lemma 2.9. □

Lemma 2.11 (Canonical Forms) Suppose that $\vdash v : \tau$. Then

• $\tau \neq 0$.

• If $\tau = 1$, then $v = *$.

• If $\tau = \rho$, then $v = \mathrm{in}\ v'$ for some $v' \in \mathrm{Val}_{\tau_\rho}$.

• If $\tau = \tau_1 + \tau_2$, then either $v = \mathrm{inl}_{\tau_2}\ v'$ for some $v' \in \mathrm{Val}_{\tau_1}$ or $v = \mathrm{inr}_{\tau_1}\ v'$ for some $v' \in \mathrm{Val}_{\tau_2}$.

• If $\tau = \tau_1 \times \tau_2$, then $v = (v_1, v_2)$ for some $v_1 \in \mathrm{Val}_{\tau_1}$ and some $v_2 \in \mathrm{Val}_{\tau_2}$.

• If $\tau = \tau_1 \to \tau_2$, then $v = \mathrm{fix}\ f(x{:}\tau_1).e$ for some variables $f$ and $x$, and some $e \in \mathrm{Exp}_{\tau_2}([f : \tau_1 \to \tau_2, x : \tau_1])$.

Proof By inspection of the typing rules and the definition of closed values. □

Theorem 2.12 (Progress) If $\vdash e : \tau$, then either $e$ is a value or there exists an $e'$ such that $e \mapsto e'$.

Proof By induction on $\vdash e : \tau$. □

Lemma 2.13 (Uniformity of Evaluation) For all $e \in \mathrm{Exp}_{\tau_1} \setminus \mathrm{Val}_{\tau_1}$ and for all $E\{{\_}_{\tau_1}\} \in \mathrm{ECtx}_{\tau_2}$, if $E\{e\} \mapsto E\{e'\}$, then $\forall E'\{{\_}_{\tau_1}\} \in \mathrm{ECtx}_{\tau_2} : E'\{e\} \mapsto E'\{e'\}$.

Proof By the definition of the evaluation relation $e \mapsto e'$ and the definition of the reduction rules. □

Lemma 2.14 For all $e, e' \in \mathrm{Exp}_\tau \setminus \mathrm{Val}_\tau$ and for all $E\{{\_}_\tau\} \in \mathrm{ECtx}_{\tau'}$, if $E\{e\} \mapsto E\{e'\}$, then also $e \mapsto e'$.

Lemma 2.15 If $e \in \mathrm{Exp}_\tau$ and $e \Uparrow$, then $\forall E\{{\_}_\tau\} \in \mathrm{ECtx}_{\tau'} : E\{e\} \Uparrow$.
3  Experimental  Equivalence 

For closed expressions of base type $1$, we define a notion of Kleene approximation and Kleene equivalence as follows.

Definition 3.1 (Kleene Approximation and Equivalence) For all $e, e' \in \mathrm{Exp}_1$ we define $e \preceq_k e'$ iff $e \mapsto^* * \Rightarrow e' \mapsto^* *$, and $e \approx_k e'$ iff $e \mapsto^* * \Leftrightarrow e' \mapsto^* *$.

For closed expressions we define notions of experimental approximation and experimental equivalence as follows.

Definition 3.2 (Experimental Approximation and Equivalence) For all $e, e' \in \mathrm{Exp}_\tau$, we define

$\vdash e \preceq e' : \tau \iff \forall E\{{\_}_\tau\} \in \mathrm{ECtx}_1 : E\{e\} \preceq_k E\{e'\}$

$\vdash e \approx e' : \tau \iff \forall E\{{\_}_\tau\} \in \mathrm{ECtx}_1 : E\{e\} \approx_k E\{e'\}$

Lemma 3.3 $\vdash e \approx e' : \tau \iff (\vdash e \preceq e' : \tau \;\wedge\; \vdash e' \preceq e : \tau)$
Notation 3.4 When $\tau$ is clear from context we write $e \preceq e'$ for $\vdash e \preceq e' : \tau$ and $e \approx e'$ for $\vdash e \approx e' : \tau$.

We now establish some basic properties of experimental equivalence and evaluation.

Lemma 3.5 If $\vdash e_1 \approx e_2 : \tau$ then $e_1 \Downarrow$ iff $e_2 \Downarrow$.

Lemma 3.6 For all $e \in \mathrm{Exp}_{\tau_1}$ and for all $E\{{\_}_{\tau_1}\} \in \mathrm{ECtx}_\tau$, $\vdash E\{e\} \approx (\lambda x{:}\tau_1.E\{x\})\ e : \tau$.

Lemma 3.7 ($\mapsto \subseteq \approx$) For all $e, e' \in \mathrm{Exp}_\tau$, if $e \mapsto e'$, then $\vdash e \approx e' : \tau$.

Lemma 3.8 Experimental equivalence, $\approx$, is an equivalence relation. That is, the following three properties hold.

1. If $\vdash e_1 \approx e_2 : \tau$ and $\vdash e_2 \approx e_3 : \tau$, then $\vdash e_1 \approx e_3 : \tau$.

2. If $e \in \mathrm{Exp}_\tau$, then $\vdash e \approx e : \tau$.

3. If $\vdash e_1 \approx e_2 : \tau$, then $\vdash e_2 \approx e_1 : \tau$.

Lemma 3.9

1. If $\vdash e \approx (e_1, e_2) : \tau_1 \times \tau_2$ then $e \Downarrow$ iff $e_1 \Downarrow$ and $e_2 \Downarrow$.

2. If $\vdash e \approx (e_1, e_2) : \tau_1 \times \tau_2$ and $\vdash e_1 \approx e_1' : \tau_1$ and $\vdash e_2 \approx e_2' : \tau_2$, then $\vdash e \approx (e_1', e_2') : \tau_1 \times \tau_2$.

3. If $\vdash e \approx (e_1, e_2) : \tau_1 \times \tau_2$ and $e \Downarrow$, then $\vdash \mathrm{fst}\ e \approx e_1 : \tau_1$ and $\vdash \mathrm{snd}\ e \approx e_2 : \tau_2$.

Lemma 3.10

1. If $\vdash e \approx \mathrm{inl}_{\tau_2}\ e' : \tau_1 + \tau_2$ then $e \Downarrow$ iff $e' \Downarrow$. If $\vdash e \approx \mathrm{inr}_{\tau_1}\ e' : \tau_1 + \tau_2$, then $e \Downarrow$ iff $e' \Downarrow$.

2. If $\vdash e \approx \mathrm{inl}_{\tau_2}\ e' : \tau_1 + \tau_2$ and $\vdash e' \approx e'' : \tau_1$, then $\vdash e \approx \mathrm{inl}_{\tau_2}\ e'' : \tau_1 + \tau_2$. If $\vdash e \approx \mathrm{inr}_{\tau_1}\ e' : \tau_1 + \tau_2$ and $\vdash e' \approx e'' : \tau_2$, then $\vdash e \approx \mathrm{inr}_{\tau_1}\ e'' : \tau_1 + \tau_2$.

3. If $\vdash e \approx \mathrm{inl}_{\tau_2}\ e' : \tau_1 + \tau_2$ and $e \Downarrow$, then there exists a $v'$ such that $\vdash e \approx \mathrm{inl}_{\tau_2}\ v' : \tau_1 + \tau_2$ and $\vdash e' \approx v' : \tau_1$. If $\vdash e \approx \mathrm{inr}_{\tau_1}\ e' : \tau_1 + \tau_2$ and $e \Downarrow$, then there exists a $v'$ such that $\vdash e \approx \mathrm{inr}_{\tau_1}\ v' : \tau_1 + \tau_2$ and $\vdash e' \approx v' : \tau_2$.

4. $\vdash \mathrm{inl}_{\tau_2}\ e \approx \mathrm{inl}_{\tau_2}\ e' : \tau_1 + \tau_2$ iff $\vdash e \approx e' : \tau_1$. $\vdash \mathrm{inr}_{\tau_1}\ e \approx \mathrm{inr}_{\tau_1}\ e' : \tau_1 + \tau_2$ iff $\vdash e \approx e' : \tau_2$.

Lemma 3.11

1. If $\vdash e \approx \mathrm{in}\ e' : \rho$, then $e \Downarrow$ iff $e' \Downarrow$.

2. If $\vdash e \approx \mathrm{in}\ e' : \rho$ and $e' \Uparrow$ then $e \Uparrow$.

3. If $\vdash e \approx \mathrm{in}\ e' : \rho$ and $\vdash e' \approx e'' : \tau_\rho$, then $\vdash e \approx \mathrm{in}\ e'' : \rho$.

4. $\vdash \mathrm{in}\ e \approx \mathrm{in}\ e' : \rho$ iff $\vdash e \approx e' : \tau_\rho$.

We shall now prove a somewhat technical lemma to the effect (Corollary 3.13) that we can restrict the set of evaluation contexts to consider when proving $\vdash e \preceq e' : \tau$. It turns out that we can restrict attention to the evaluation contexts for which the hole occurs in an atomic testing context.

The atomic testing contexts, ranged over by $T$, are the syntax trees generated by the following grammar

$T ::= {\_}_1 \mid \mathrm{out}\ {\_}_\rho \mid \mathrm{case}({\_}_{\tau_1 + \tau_2}, e_1, e_2) \mid \mathrm{fst}\ {\_}_{\tau_1 \times \tau_2} \mid \mathrm{snd}\ {\_}_{\tau_1 \times \tau_2} \mid {\_}_{\tau_1 \to \tau_2}\ v$

We define

$\mathrm{TCtx}_\tau(\Gamma) \stackrel{\mathrm{def}}{=} \{ T \mid \Gamma \vdash T : \tau \}$

and

$\mathrm{TCtx}_\tau \stackrel{\mathrm{def}}{=} \mathrm{TCtx}_\tau(\emptyset)$

We shall be a little more pedantic than elsewhere in the following lemma as it is a little delicate.

Lemma 3.12 $\forall n \in \mathbb{N} : \forall \tau \in \mathrm{Type} : \forall v, v' \in \mathrm{Val}_\tau :$ if

$\forall \tau' \in \mathrm{Type} : \forall E\{{\_}_{\tau'}\} \in \mathrm{ECtx}_1 : \forall T\{{\_}_\tau\} \in \mathrm{TCtx}_{\tau'} : E\{T\{v\}\} \preceq_k E\{T\{v'\}\}$ (1)

then

$\forall \tau' \in \mathrm{Type} : \forall z \in \mathrm{Var} : \forall e \in \mathrm{Exp}_{\tau'}([z : \tau]) : \forall E\{{\_}_{\tau'}\} \in \mathrm{ECtx}_1([z : \tau]) : ([v/z](E\{e\}) \mapsto^n *) \Rightarrow ([v'/z](E\{e\}) \mapsto^* *)$ (2)

Proof By induction on $n$.

Basis ($n = 0$): Let $\tau \in \mathrm{Type}$ and $v, v' \in \mathrm{Val}_\tau$ be arbitrary. Assume (1). We are to show (2) with $0$ substituted for $n$. Let $\tau' \in \mathrm{Type}$, $z \in \mathrm{Var}$, $e \in \mathrm{Exp}_{\tau'}([z : \tau])$, and $E\{{\_}_{\tau'}\} \in \mathrm{ECtx}_1([z : \tau])$ be arbitrary. Assume $[v/z](E\{e\}) \mapsto^0 *$. Then $[v/z](E\{e\}) = *$. Thus there are two cases to consider.
1. $\tau' = 1$, $E = {\_}_1$, and $e = *$

2. $\tau' = 1$, $E = {\_}_1$, $e = z$, $\tau = 1$, and $v = *$

SubCase 1: Then also $[v'/z](E\{e\}) = *$ and hence $[v'/z](E\{e\}) \mapsto^* *$, as required.

SubCase 2: By assumption (1) with $\tau' = \tau$, $E\{{\_}_{\tau'}\} = {\_}_\tau$, and $T\{{\_}_\tau\} = {\_}_1$, we have that $(v \mapsto^* *) \Rightarrow (v' \mapsto^* *)$. As $v = *$, indeed $(v \mapsto^* *)$, whence we can conclude that $v' \mapsto^* *$. Thus $v' = *$ and hence also $[v'/z](E\{e\}) = *$, so $[v'/z](E\{e\}) \mapsto^* *$, as required.

Inductive Step: We assume that the lemma holds for $n \geq 0$ and show it for $n + 1$. Let $\tau \in \mathrm{Type}$ and $v, v' \in \mathrm{Val}_\tau$ be arbitrary. Assume (1). We are to show (2) with $(n + 1)$ substituted for $n$. Let $\tau' \in \mathrm{Type}$, $z \in \mathrm{Var}$, $e \in \mathrm{Exp}_{\tau'}([z : \tau])$, and $E\{{\_}_{\tau'}\} \in \mathrm{ECtx}_1([z : \tau])$ be arbitrary. Assume $[v/z](E\{e\}) \mapsto^{n+1} *$. Since there is at least one reduction step, we can proceed by cases on the first reduction step.

Case r-beta: Then there are two cases

1. $\tau = \tau_1 \to \tau_2$ and $E\{e\} = E'\{z\ v_1\}$ for some $E'\{{\_}_{\tau_2}\} \in \mathrm{ECtx}_1([z : \tau])$ and some $v_1 \in \mathrm{Val}_{\tau_1}([z : \tau])$

2. $E\{e\} = E'\{(\mathrm{fix}\ f(x{:}\tau_1).e_0)\ v_1\}$ for some $E'\{{\_}_{\tau_2}\} \in \mathrm{ECtx}_1([z : \tau])$, some $v_1 \in \mathrm{Val}_{\tau_1}([z : \tau])$, and some $\mathrm{fix}\ f(x{:}\tau_1).e_0 \in \mathrm{Val}_{\tau_1 \to \tau_2}([z : \tau])$

SubCase 1: Then $v$ is of the form $\mathrm{fix}\ f(x{:}\tau_1).e_0$. Thus

$[v/z](E\{e\}) = [v/z](E'\{z\ v_1\})$ (3)

$\phantom{[v/z](E\{e\})} = [v/z](E'\{(\mathrm{fix}\ f(x{:}\tau_1).e_0)\ v_1\})$

$\phantom{[v/z](E\{e\})} \mapsto [v/z](E'\{[v, v_1 / f, x]e_0\})$ (4)

$\phantom{[v/z](E\{e\})} \mapsto^n *$

Now by the induction hypothesis we have (with $\tau = \tau$, $v = v$ and $v' = v'$ and noting that (1) holds by assumption) that

$\forall \tau' \in \mathrm{Type} : \forall z \in \mathrm{Var} : \forall e \in \mathrm{Exp}_{\tau'}([z : \tau]) : \forall E\{{\_}_{\tau'}\} \in \mathrm{ECtx}_1([z : \tau]) : ([v/z](E\{e\}) \mapsto^n *) \Rightarrow ([v'/z](E\{e\}) \mapsto^* *)$ (5)

Letting $\tau' = \tau_2$, $z = z$, $e = [v, v_1 / f, x]e_0$, and $E\{{\_}_{\tau'}\} = E'\{{\_}_{\tau_2}\}$ in (5) and using (3) and (4), we conclude that

$[v'/z]E'\{[v, v_1 / f, x]e_0\} \mapsto^* *$ (6)

By (6) and recalling that $v = \mathrm{fix}\ f(x{:}\tau_1).e_0$ we get that

$[v'/z]E'\{v\ v_1\} \mapsto [v'/z]E'\{[v, v_1 / f, x]e_0\} \mapsto^* *$ (7)

By assumption (1) on (7) with $\tau' = \tau_2$, $E\{{\_}_{\tau_2}\} = [v'/z](E'\{{\_}_{\tau_2}\}) \in \mathrm{ECtx}_1$, and $T\{{\_}_\tau\} = {\_}_\tau\ ([v'/z]v_1) \in \mathrm{TCtx}_{\tau_2}$ we get

$[v'/z]E'\{v'\ v_1\} \mapsto^* *$ (8)

Hence, as $[v'/z]E\{e\} = [v'/z]E'\{v'\ v_1\}$, we have the required by (8).

SubCase 2: Then

$[v/z](E\{e\}) = [v/z](E'\{(\mathrm{fix}\ f(x{:}\tau_1).e_0)\ v_1\})$

$\phantom{[v/z](E\{e\})} \mapsto [v/z](E'\{[\mathrm{fix}\ f(x{:}\tau_1).e_0, v_1 / f, x]e_0\})$ (9)

$\phantom{[v/z](E\{e\})} \mapsto^n *$ (10)

Now by the induction hypothesis we have (with $\tau = \tau$, $v = v$ and $v' = v'$ and noting that (1) holds by assumption) that

$\forall \tau' \in \mathrm{Type} : \forall z \in \mathrm{Var} : \forall e \in \mathrm{Exp}_{\tau'}([z : \tau]) : \forall E\{{\_}_{\tau'}\} \in \mathrm{ECtx}_1([z : \tau]) : ([v/z](E\{e\}) \mapsto^n *) \Rightarrow ([v'/z](E\{e\}) \mapsto^* *)$ (11)

Letting $\tau' = \tau_2$, $z = z$, $e = [\mathrm{fix}\ f(x{:}\tau_1).e_0, v_1 / f, x]e_0$, and $E\{{\_}_{\tau'}\} = E'\{{\_}_{\tau_2}\}$ in (5) and using (9) and (10), we conclude that

$[v'/z](E'\{[\mathrm{fix}\ f(x{:}\tau_1).e_0, v_1 / f, x]e_0\}) \mapsto^* *$ (12)

We have that

$[v'/z](E\{e\}) = [v'/z](E'\{(\mathrm{fix}\ f(x{:}\tau_1).e_0)\ v_1\})$ (13)

$\phantom{[v'/z](E\{e\})} \mapsto [v'/z](E'\{[\mathrm{fix}\ f(x{:}\tau_1).e_0, v_1 / f, x]e_0\})$ (14)

Hence, combining (12) and (13) and (14), we have that

$[v'/z](E\{e\}) \mapsto^* *$

as required.

Case r-out, r-case-inl, r-case-inr, r-fst, or r-snd: The proof for each of these cases proceeds analogously to the previous case, with two subcases for each case, and using the corresponding atomic testing contexts. □
Corollary 3.13 $\forall \tau \in \mathrm{Type} : \forall v, v' \in \mathrm{Val}_\tau :$ if

$\forall \tau' \in \mathrm{Type} : \forall E\{{\_}_{\tau'}\} \in \mathrm{ECtx}_1 : \forall T\{{\_}_\tau\} \in \mathrm{TCtx}_{\tau'} : E\{T\{v\}\} \preceq_k E\{T\{v'\}\}$ (15)

then

$\vdash v \preceq v' : \tau$

Proof Let $\tau \in \mathrm{Type}$, and $v, v' \in \mathrm{Val}_\tau$ be arbitrary. Assume (15). Let $E\{{\_}_\tau\} \in \mathrm{ECtx}_1$ be arbitrary. We are to show that

$E\{v\} \mapsto^* * \Rightarrow E\{v'\} \mapsto^* *$ (16)

From our assumption (15) we get by Lemma 3.12

$\forall \tau' \in \mathrm{Type} : \forall z \in \mathrm{Var} : \forall e \in \mathrm{Exp}_{\tau'}([z : \tau]) : \forall E\{{\_}_{\tau'}\} \in \mathrm{ECtx}_1([z : \tau]) : ([v/z](E\{e\}) \mapsto^* *) \Rightarrow ([v'/z](E\{e\}) \mapsto^* *)$ (17)

Letting $\tau' = \tau$, $e = z$ and $E\{{\_}_{\tau'}\} = E\{{\_}_\tau\}$ in (17), we get (16), as required. □

The next corollary is an immediate consequence of Corollary 3.13 and is the formulation which we will often make use of in the following.

Corollary 3.14

1. To show $\vdash v \preceq v' : \tau_1 \to \tau_2$, it suffices to show

$\forall E\{{\_}_{\tau_1 \to \tau_2}\ v_1\} \in \mathrm{ECtx}_1 : E\{v\} \preceq_k E\{v'\}$

2. To show $\vdash v \preceq v' : \tau_1 \times \tau_2$, it suffices to show

$\forall E\{\mathrm{fst}\ {\_}_{\tau_1 \times \tau_2}\} \in \mathrm{ECtx}_1 : E\{v\} \preceq_k E\{v'\}$

and

$\forall E\{\mathrm{snd}\ {\_}_{\tau_1 \times \tau_2}\} \in \mathrm{ECtx}_1 : E\{v\} \preceq_k E\{v'\}$

3. To show $\vdash v \preceq v' : \tau_1 + \tau_2$, it suffices to show

$\forall E\{\mathrm{case}({\_}_{\tau_1 + \tau_2}, e_1, e_2)\} \in \mathrm{ECtx}_1 : E\{v\} \preceq_k E\{v'\}$

4. To show $\vdash v \preceq v' : \rho$, it suffices to show

$\forall E\{\mathrm{out}\ {\_}_\rho\} \in \mathrm{ECtx}_1 : E\{v\} \preceq_k E\{v'\}$

Proof Follows by Corollary 3.13 and the definition of atomic contexts. □
3.1  Compactness  of  Evaluation 

In this section we show that a fix-term is approximated, in the experimental approximation pre-order, by its finite unrollings. Further, we show that to fill a context is a monotone operation with respect to the experimental pre-order and we use this to show that a fix-term is the least upper bound of its finite unrollings. These properties are also referred to as compactness of evaluation. Finally, we show that to fill a context is a continuous operation with respect to the approximation pre-order. We shall only be concerned with closed fix-terms, as this suffices for our purposes.

Our development of compactness of evaluation follows the approach of Pitts [16, Section 5] quite closely but there are some technical differences due to the fact that we use a reduction semantics rather than a natural semantics as employed by Pitts. We have chosen this formulation, using cofinal sets, because it fits nicely with our formulation of admissible relations, for which a formulation based on cofinal sets suffices (see Section 4).

Throughout this section we shall consider a particular fixed term $F = \mathrm{fix}\ f(x{:}\tau_1).e$ satisfying $F \in \mathrm{Exp}_{\tau_1 \to \tau_2}$, and use the following abbreviations:

$F^0 \stackrel{\mathrm{def}}{=} \mathrm{fix}\ f(x{:}\tau_1).f\ x$

$F^{n+1} \stackrel{\mathrm{def}}{=} \lambda x{:}\tau_1.[F^n/f]e$

$F^\omega \stackrel{\mathrm{def}}{=} F$

Note that we here simply define some abbreviations of expressions already in the language. This is opposed to introducing new labelled expressions and new notions of reduction for labelled expressions as, e.g., done by Gunter [9].

We will only consider contexts involving parameters of type τ1 → τ2. We write C{p̄} for such a context whose parameters are included in the list p̄ (note that we do not require that all the parameters in p̄ occur in C). Given a k-tuple n̄ = (n1, …, nk) of natural numbers, we make the following abbreviations.

C{F_n̄}  = C{F^{n1}, …, F^{nk}}

C{F_ω}  = C{F^ω, …, F^ω}

The length of a list of parameters p̄ will be denoted |p̄|.

Definition 3.15 For each k, we partially order the set N^k by

n̄ ≤ n̄'  ⟺  (n1 ≤ n1' ∧ ⋯ ∧ nk ≤ nk')
Definition 3.16 A subset I ⊆ N^k is said to be cofinal in N^k if and only if, for all n̄ ∈ N^k, ∃n̄' ∈ I : n̄ ≤ n̄'. We write P_cof(N^k) for the set of all such cofinal subsets of N^k.

We say that a context C is a value if it follows the grammar for values v augmented by the obvious clause for parameters. We introduce the following definitions of sets of value contexts

VCtx_τ(Γ)  = { C ∈ Ctx_τ(Γ) | C is a value or C is a parameter }
VCtx_τ     = VCtx_τ(∅)

We use V to range over value contexts. We say that a value context is proper if it is not a parameter.

Remark 3.17 Note that, if V{_τ} ∈ VCtx_{τ'} is a proper value context and e ∈ Exp_τ, then V{e} is a value. Also, if V{_τ} ∈ VCtx_{τ'} and v ∈ Val_τ, then V{v} is a value.

Notation 3.18 We abbreviate V{F_n̄} and V{F_ω} analogously to C{F_n̄} and C{F_ω}.

Definition 3.19 If C{p̄} is a context and V{p̄'} is a value context, then we write C{p̄} ⇓_F V{p̄'} to mean that for all I ∈ P_cof(N^{|p̄|})

{ m̄m̄' | m̄ ∈ I ∧ C{F_m̄} ↦* V{F_m̄'} } ∈ P_cof(N^{|p̄|+|p̄'|})

Note that the relation C{p̄} ⇓_F V{p̄'} is preserved under renaming of the parameters p̄ and, independently, the parameters p̄'.

Lemma 3.20 If C{p̄} is a context and V{p̄'} is a value context, then

C{p̄} ⇓_F V{p̄'}  ⟺  C{p̄q̄} ⇓_F V{p̄'q̄'}

Proof By definition of ⇓_F and simple properties of cofinal subsets of N^k. □


Lemma 3.21

1. If V{p̄} is a proper value context, then V{p̄} ⇓_F V{p̄}.

2. If E'{V}{p̄} ⇓_F V''{p̄''} and V'{p̄p̄'} is a value context, then E'{fst (V, V')}{p̄p̄'} ⇓_F V''{p̄''}.

3. If E'{V}{p̄} ⇓_F V''{p̄''} and V'{p̄p̄'} is a value context, then E'{snd (V', V)}{p̄p̄'} ⇓_F V''{p̄''}.

4. If E'{V}{p̄} ⇓_F V'{p̄'}, then E'{out (in V)}{p̄} ⇓_F V'{p̄'}.

5. If E'{e1 v}{p̄} ⇓_F V{p̄''} and e2 = C2{F_ω} for some C2{p̄p̄'}, then E'{case(inl_{τ2} v, e1, e2)}{p̄p̄'} ⇓_F V{p̄''}.

6. If E'{e2 v}{p̄} ⇓_F V{p̄''} and e1 = C1{F_ω} for some C1{p̄p̄'}, then E'{case(inr_{τ1} v, e1, e2)}{p̄p̄'} ⇓_F V{p̄''}.

Proof Item 1 is immediate. We show item 2; items 3-6 are similar.

Let C = E'{V} and let C' = E'{fst (V, V')}. By the assumption and Lemma 3.20,

C{p̄p̄'} ⇓_F V''{p̄''}   (18)

Assume I ∈ P_cof(N^{|p̄|+|p̄'|}). Then we are to show that

I' = { m̄m̄' | m̄ ∈ I ∧ C'{F_m̄} ↦* V''{F_m̄'} }

is a cofinal subset of N^{|p̄|+|p̄'|+|p̄''|}. But C'{F_m̄} ↦ C{F_m̄}, so by determinism of evaluation, C'{F_m̄} ↦* V''{F_m̄'} if and only if C{F_m̄} ↦* V''{F_m̄'}. Hence I' equals the set

{ m̄m̄' | m̄ ∈ I ∧ C{F_m̄} ↦* V''{F_m̄'} }

which by (18) is a cofinal subset of N^{|p̄|+|p̄'|+|p̄''|}, as required. □


Lemma 3.22 (Compactness of Evaluation) For all C{p̄} ∈ Ctx_τ, if C{F_ω} ↦* v, then there exists a V{p̄'} ∈ VCtx_τ such that v = V{F_ω} and C{p̄} ⇓_F V{p̄'}.

Proof By induction on the length, n, of C{F_ω} ↦* v.

Basis (n = 0): Pick V = C. If C is a parameter, then the required is immediate (recall that F^ω is a value). Otherwise, C is a proper value context and the required follows by Lemma 3.21, item 1.

Inductive Step: We assume it holds for n and show for n + 1. To this end assume C{F_ω} ↦^{n+1} v. We proceed by cases on the first reduction step.

Case R-FST: Then C{F_ω} = E{fst (v1, v2)} with E = E'{F_ω}, v1 = V1{F_ω}, and v2 = V2{F_ω} for some E'{p̄1}, V1{p̄1}, and V2{p̄1p̄2} with p̄ = p̄1p̄2. Moreover, E{fst (v1, v2)} ↦ E{v1} ↦^n v. Note that E{v1} is of the form C1{F_ω} where C1{p̄1} = E'{V1}{p̄1}. Hence we can apply induction on n to yield that there exists a V{p̄'} such that v = V{F_ω} and C1{p̄1} ⇓_F V{p̄'}. By Lemma 3.21, item 2, also C{p̄} ⇓_F V{p̄'}, as required.

Case R-SND, R-OUT, R-CASE-INL, R-CASE-INR: All analogous to the preceding case, using the corresponding item in Lemma 3.21.

Case R-BETA: Then C{F_ω} = E{(fix f'(x':τ').e') v'} for some f', x', τ', e', v', and E. There are two cases, depending on whether F = fix f'(x':τ').e' or not.

SubCase I: Assume F = fix f'(x':τ').e'. Then

C{F_ω} = E{(fix f(x:τ).e) v'}
       ↦ E{[fix f(x:τ).e, v'/f, x]e}
       ↦^n v

where E = E'{F_ω} and v' = V'{F_ω} for some E'{p̄} and V'{p̄}. We have that

E{[fix f(x:τ).e, v'/f, x]e} = E'{[p, V'/f, x]e}{F_ω}

Let C'{p̄p} = E'{[p, V'/f, x]e}. Then we have that C'{F_ω} ↦^n v, so by induction on n there exists a V{p̄'} such that v = V{F_ω} and

C'{p̄p} ⇓_F V{p̄'}   (19)

We aim to show that

C{p̄} ⇓_F V{p̄'}   (20)

Let I ∈ P_cof(N^{|p̄|}) be arbitrary. We are to show that

I1 = { m̄m̄' | m̄ ∈ I ∧ C{F_m̄} ↦* V{F_m̄'} }

is a cofinal subset of N^{|p̄|+|p̄'|}. Define

I2 = { m̄n | m̄ ∈ I ∧ C{F_m̄} ↦ C'{F_m̄n} }

Clearly, I2 is cofinal since I is cofinal. By (19) we therefore have that

I3 = { m̄nm̄' | m̄n ∈ I2 ∧ C'{F_m̄n} ↦* V{F_m̄'} }

is cofinal. Now it is easy to see that I3 ⊆ I1 and thus, since I3 is cofinal, I1 is cofinal. Since I was arbitrary, we have (20) as desired.

SubCase II: Assume F ≠ fix f'(x':τ').e'. Then

C{F_ω} = E{(fix f'(x':τ').e') v'}
       ↦ E{[fix f'(x':τ').e', v'/f', x']e'}
       ↦^n v

and E{[fix f'(x':τ').e', v'/f', x']e'} is of the form C1{F_ω} for some C1{p̄p̄1}. By induction we get that

C1{p̄p̄1} ⇓_F V{p̄'}   (21)

Let I ∈ P_cof(N^{|p̄|}) be arbitrary. Let

I1 = { m̄m̄' | m̄ ∈ I ∧ m̄' ∈ N^{|p̄1|} }

Then I1 is a cofinal subset of N^{|p̄|+|p̄1|} since I is cofinal. Hence, by (21),

I2 = { m̄m̄'m̄'' | m̄m̄' ∈ I1 ∧ C1{F_m̄m̄'} ↦* V{F_m̄''} }

is cofinal and thus it is easy to see that also

I3 = { m̄m̄'' | m̄ ∈ I ∧ C{F_m̄} ↦* V{F_m̄''} }

is cofinal, as required. □

The  following  lemma  expresses  that  the  finite  unrollings  of  a  fix-term 
form  a  chain  with  respect  to  the  approximation  order  and  that  the  fix-term 
itself  is  an  upper  bound  of  this  sequence.  We  shall  soon  see  that  it  is  in  fact 
the  least  upper  bound. 

Lemma 3.23 For all i ∈ N, ⊢ F^i ⪯ F^{i+1} : τ1 → τ2 and ⊢ F^i ⪯ F^ω : τ1 → τ2.

Proof  Both  properties  are  shown  by  induction  on  i.  □ 

To  show  that  a  fix-term  is  the  least  upper  bound  of  its  finite  unrollings 
we  shall  need  that  the  operation  of  filling  a  context  is  a  monotone  operation 
with  respect  to  the  experimental  pre-order  (in  other  words,  the  experimental 
pre-order  is  a  pre-congruence).  To  this  end  we  shall  first  generalize  the 
experimental  pre-order  to  open  expressions  in  the  following  way. 
Definition 3.24 An expression substitution γ for a type environment Γ is a finite map from variables to closed expressions satisfying the following two conditions.

1. Dom(γ) = Dom(Γ).

2. ∀x ∈ Dom(γ) : ∅ ⊢ γ(x) : Γ(x).

Definition 3.25 A value substitution γ for Γ is an expression substitution for Γ satisfying ∀x ∈ Dom(Γ) : γ(x) ∈ Val_{Γ(x)}.

Definition 3.26 Let γ and γ' be expression substitutions for Γ. Then γ approximates γ', written ⊢ γ ⪯ γ' : Γ, if and only if ∀x ∈ Dom(Γ) : ⊢ γ(x) ⪯ γ'(x) : Γ(x). Likewise, we write ⊢ γ ≈ γ' : Γ if and only if ∀x ∈ Dom(Γ) : ⊢ γ(x) ≈ γ'(x) : Γ(x).

Note that this definition also expresses when a value substitution γ approximates another value substitution γ' (both for some Γ), as a value substitution is just a special expression substitution (we need a notion of expression substitution in Section 3.2, which is why we have chosen this formulation).

Definition 3.27 (Open Experimental Approximation and Equivalence)

For all e and e', if Γ ⊢ e : τ and Γ ⊢ e' : τ, then we define Γ ⊢ e ⪯ e' : τ if, and only if, for all value substitutions γ and γ' for Γ satisfying ⊢ γ ⪯ γ' : Γ, ⊢ γ(e) ⪯ γ'(e') : τ. Moreover, we define Γ ⊢ e ≈ e' : τ if and only if Γ ⊢ e ⪯ e' : τ and Γ ⊢ e' ⪯ e : τ.

An alternative definition of open experimental approximation would be to say that Γ ⊢ e ⪯ e' : τ if and only if, for all expression substitutions γ for Γ, ⊢ γ(e) ⪯ γ(e') : τ. However, we need the more general definition (specifically it is used in proving (22) below).

Lemma 3.28 If [f : τ1 → τ2, x : τ1] ⊢ e ⪯ e' : τ2 then ⊢ fix f(x:τ1).e ⪯ fix f(x:τ1).e' : τ1 → τ2.

Proof By induction on i it is easy to show that, for all i ∈ N,

⊢ fix f^i(x:τ1).e ⪯ fix f^i(x:τ1).e' : τ1 → τ2   (22)

By Corollary 3.14, it suffices to show

∀E{_{τ1→τ2} v1} ∈ ECtx_1 : E{fix f(x:τ1).e} ≲ E{fix f(x:τ1).e'}

So assume E{(fix f(x:τ1).e) (v1)} ↦* *. Let C{_{τ1→τ2}} = E{_{τ1→τ2} v1}. Then, by Lemma 3.22, there exists a V{p̄'} such that V{F_ω} = * and

C{p̄} ⇓_F V{p̄'}   (23)

Let I = N, clearly a cofinal set. Then by (23),

I' = { i ∈ I | C{fix f^i(x:τ1).e} ↦* * }

is a cofinal subset of N. Hence I' is in particular non-empty, i.e., there exists i ∈ I' such that C{fix f^i(x:τ1).e} ↦* *. Thus, by definition of I and C, there exists an i ∈ N such that E{(fix f^i(x:τ1).e) (v1)} ↦* *. Hence, by (22), we also have E{(fix f^i(x:τ1).e') (v1)} ↦* *. Then by Lemma 3.23, we get E{(fix f(x:τ1).e') (v1)} ↦* *, as required. □


Lemma 3.29 If Γ, Γ' ⊢ e ⪯ e' : τ, C{_τ} ∈ Ctx_{τ'}(Γ), Γ ⊢ C{e} : τ', and Γ ⊢ C{e'} : τ', then Γ ⊢ C{e} ⪯ C{e'} : τ'.

Proof By induction on C. In the case for C = fix f(x:τ).C', use Lemma 3.28; all the other cases follow easily (either directly by the assumptions or by induction and using Lemmas 3.7-3.11 and composition of evaluation contexts). □

The  following  corollary  expresses  the  monotonicity  of  contexts  with  re¬ 
spect  to  the  experimental  pre-order  —  in  other  words,  the  experimental 
pre-order  is  a  pre-congruence.  We  shall  subsequently  show  that  contexts  are 
not  only  monotone,  but  also  continuous  (in  an  appropriate  sense). 

Corollary 3.30 (Context Monotonicity) If ⊢ e ⪯ e' : τ1 and C{_{τ1}} ∈ Ctx_τ, then ⊢ C{e} ⪯ C{e'} : τ.

Proof Follows immediately by Lemma 3.29. □

Lemma 3.31 If ⊢ e1 ⪯ e1' : τ1, …, ⊢ ek ⪯ ek' : τk and C{_1, …, _k} ∈ Ctx_τ with _i of type τi, for all 1 ≤ i ≤ k, then ⊢ C{e1, …, ek} ⪯ C{e1', …, ek'} : τ.

Proof By repeated application of Corollary 3.30 and transitivity of ⪯. □

Corollary 3.32 (Experimental equivalence is a congruence relation)

If ⊢ e1 ≈ e1' : τ1, …, ⊢ ek ≈ ek' : τk and C{_1, …, _k} ∈ Ctx_τ with _i of type τi, for all 1 ≤ i ≤ k, then ⊢ C{e1, …, ek} ≈ C{e1', …, ek'} : τ.

Proof Follows immediately by Lemma 3.31. □


Before  embarking  on  the  theorem  from  which  it  follows  that  a  fix-term 
is  the  least  upper  bound  of  its  finite  unrollings  (Theorem  3.36),  the  proof  of 
which  will  make  use  of  context  monotonicity,  we  shall  first  make  another  use 
of  context  monotonicity.  We  shall  show  that  experimental  approximation 
can  be  used  to  give  an  alternative  characterization  of  the  usual  definition 
of  contextual  equivalence  —  via  this  alternative  characterization,  the  proof 
principles  for  establishing  experimental  equivalence  that  are  developed  in 
this  paper  can  be  used  also  to  establish  results  of  contextual  equivalence. 
This  theorem  (Theorem  3.34)  is  reminiscent  of  the  CIU  Theorem  of  Mason, 
Smith  and  Talcott  [11]. 

Definition 3.33 (Contextual Approximation and Equivalence) If Γ ⊢ e : τ and Γ ⊢ e' : τ, we define

⊢ e ⪯_C e' : τ  ⟺  ∀C{_τ} ∈ Ctx_1 : C{e} ≲ C{e'}

⊢ e ≈_C e' : τ  ⟺  ∀C{_τ} ∈ Ctx_1 : C{e} ≃ C{e'}

Theorem 3.34 If Γ ⊢ e : τ and Γ ⊢ e' : τ, then ⊢ e ⪯_C e' : τ iff Γ ⊢ e ⪯ e' : τ.

Proof

⇒ Assume ⊢ e ⪯_C e' : τ. Further assume ⊢ γ ⪯ γ' : Γ and that E{γ(e)} ↦* *. We are to show that E{γ'(e')} ↦* *. Assume that Dom(Γ) = {x1, …, xn} and let τi = Γ(xi). Without loss of generality (by the definition of value substitution and by considering the following part of the proof) we may assume that γ(xi) ∈ Val_{τi} and γ'(xi) ∈ Val_{τi}. Let vi = γ(xi) and vi' = γ'(xi), for all 1 ≤ i ≤ n. Let

C{_τ} = (λx1:τ1.⋯λxn:τn.E{_τ}) v1 ⋯ vn

Then C{e} ↦* *. Hence by the assumption that ⊢ e ⪯_C e' : τ, also C{e'} ↦* *. Let

C'{_{τ1}, …, _{τn}} = (λx1:τ1.⋯λxn:τn.E{e'}) _{τ1} ⋯ _{τn}

Then we have that C'{v1, …, vn} ↦* *. By Lemma 3.31,

⊢ C'{v1, …, vn} ⪯ C'{v1', …, vn'} : 1

Hence it follows that C'{v1', …, vn'} ↦* *, and thus E{γ'(e')} ↦* *, as required.

⇐ Assume Γ ⊢ e ⪯ e' : τ. Then, by Lemma 3.29, ⊢ C{e} ⪯ C{e'} : 1. From this it follows (with E = _1) that C{e} ≲ C{e'}, as required. □

Corollary 3.35 If Γ ⊢ e : τ and Γ ⊢ e' : τ, then ⊢ e ≈_C e' : τ iff Γ ⊢ e ≈ e' : τ.

Proof Immediate from Theorem 3.34. □


Theorem 3.36 For all C{p̄} ∈ Ctx_τ the following three propositions are equivalent.

1. ⊢ C{F_ω} ⪯ e : τ

2. ∃I ∈ P_cof(N^{|p̄|}) : ∀m̄ ∈ I : ⊢ C{F_m̄} ⪯ e : τ

3. ∀I ∈ P_cof(N^{|p̄|}) : ∀m̄ ∈ I : ⊢ C{F_m̄} ⪯ e : τ

Proof We show that 1 is equivalent to 2 and that 1 is equivalent to 3, from which the theorem follows.

1 ⇒ 2: Let I = { m̄ ∈ N^{|p̄|} | m1 = m2 = ⋯ = m_{|p̄|} }. I is clearly cofinal. By Lemmas 3.31 and 3.23 we get ∀m̄ ∈ I : ⊢ C{F_m̄} ⪯ C{F_ω} : τ, so by transitivity the desired follows.

2 ⇒ 1: Let E{_τ} ∈ ECtx_1 be arbitrary. We are to show that

E{C{F_ω}} ≲ E{e}

So assume E{C{F_ω}} ↦* *. Then by Lemma 3.22, there exists a V{p̄'} such that V{F_ω} = * and

E{C}{p̄} ⇓_F V{p̄'}   (24)

Clearly, V = *. By the assumption that I ∈ P_cof(N^{|p̄|}) and (24) we get that

I' = { m̄ ∈ I | E{C}{F_m̄} ↦* * }

is a cofinal subset of N^{|p̄|}. Hence I' is in particular non-empty, i.e., there exists m̄ ∈ I' such that E{C}{F_m̄} ↦* *. Now, E{C}{F_m̄} = E{C{F_m̄}}, so we have ∃m̄ ∈ I' : E{C{F_m̄}} ↦* *. Finally, since I' is a subset of I we get by assumption 2 that E{e} ↦* *, as required.

1 ⇒ 3: Let I ∈ P_cof(N^{|p̄|}) be arbitrary. The required follows by Lemmas 3.31 and 3.23 and transitivity (as in 1 ⇒ 2 above).

3 ⇒ 1: Easy, since clearly 3 ⇒ 2 and we have already shown 2 ⇒ 1 above. □

Corollary 3.37 (Context Continuity) For all C{p̄} ∈ Ctx_τ,

⊢ C{F_ω} ⪯ e : τ  ⟺  ∀n ∈ N : ⊢ C{F^n, …, F^n} ⪯ e : τ

Proof Follows by Theorem 3.36. □

Let C{p̄} = _{τ1→τ2} in Corollary 3.37. Then the corollary together with Lemma 3.23 intuitively says that F^ω is the least upper bound of the chain of its finite unrollings: By Lemma 3.23,

F^0 ⪯ F^1 ⪯ F^2 ⪯ ⋯

is a chain with upper bound F^ω. By Corollary 3.37, if e is an upper bound of the same chain, then F^ω ⪯ e, so F^ω is a least upper bound of the chain:

F^ω = ⊔{F^0, F^1, F^2, …}

Furthermore, by Corollary 3.30,

C{F^0} ⪯ C{F^1} ⪯ C{F^2} ⪯ ⋯

is again a chain with upper bound C{F^ω}, and by Corollary 3.37, if e is an upper bound of the same chain, then C{F^ω} ⪯ e, so C{F^ω} is a least upper bound of the chain:

C{F^ω} = ⊔{C{F^0}, C{F^1}, C{F^2}, …}

In other words, to fill a context is a continuous operation for chains of finite unrollings of fix-terms with respect to the approximation order.

As  explained  by  Mason,  Smith,  and  Talcott  [11]  arbitrary  chains  of  terms 
do  not  always  have  a  least  upper  bound.  This  leads  Mason,  Smith,  and 
Talcott  to  develop  a  notion  of  ordering  between  sets  of  terms,  for  which 
arbitrary  chains  do  have  a  least  upper  bound,  [11,  Lemma  4.31].  Here, 
however,  we  shall  only  ever  consider  chains  of  the  form 

C{F^0} ⪯ C{F^1} ⪯ C{F^2} ⪯ ⋯

for  some  given  closed  fix-term  F  and  thus  the  chains,  which  we  shall  consider, 
will  always  have  a  least  upper  bound.  Hence  we  do  not  need  to  develop 
more  complicated  notions  of  approximation  a  la  the  set  ordering  developed 
by  Mason,  Smith,  and  Talcott  [11]. 
3.2 Syntactic Projections

In  this  section  we  introduce  syntactic  projection  terms  which  are  the  syn¬ 
tactic  counterpart  of  the  semantic  projection  functions  known  from  domain 
theory.  These  syntactic  projections  will  be  used  in  the  construction  of  the 
desired  relations  in  Section  5. 

Let π be a variable. For all types τ, we define terms Π_τ : τ → τ (given π : ρ → ρ) by induction on τ as follows.

Π_ρ        = λx:ρ.π x
Π_0        = λx:0.x
Π_1        = λx:1.x
Π_{τ1×τ2}  = λx:τ1×τ2.(Π_{τ1} (fst x), Π_{τ2} (snd x))
Π_{τ1+τ2}  = λx:τ1+τ2.case(x, λx:τ1.inl_{τ2} (Π_{τ1} x), λx:τ2.inr_{τ1} (Π_{τ2} x))
Π_{τ1→τ2}  = λf:τ1→τ2.λx:τ1.Π_{τ2} (f (Π_{τ1} x))

Note that π is possibly free in these so defined terms. Further, define terms π^i : ρ → ρ, for all i ≥ 0, by induction on i as follows.

π^0      = fix π(x:ρ).π x
π^{i+1}  = λx:ρ.[π^i/π]in (Π_{τ_ρ} (out x))

and define

π^∞  = fix π(x:ρ).in (Π_{τ_ρ} (out x)) : ρ → ρ

Observe that π^i and also π^∞ are values.

Note that the π^i's are the finite unrollings of the fix-term π^∞ so, as explained in the previous subsection, π^∞ is the least upper bound of the chain of π^i's. The π^∞ term corresponds to the least fixed point fix(δ) of the continuous function δ(e) = i ∘ F(e, e) ∘ i^{-1} in [17, Definition 3.2]. We shall show that π^∞ is experimentally equivalent to the identity function (more precisely, the term λx:ρ.x); this corresponds to the minimal invariant property in [17, Definition 3.2].

Example Assume τ_ρ = 1 + ρ. Intuitively, our recursive type then corresponds to the type of natural numbers. Then π^∞ is equal to

fix π(x:ρ).in ((λx:1+ρ.case(x, λx:1.inl_ρ ((λx:1.x) x), λx:ρ.inr_1 ((λx:ρ.π x) x))) (out x))

Intuitively, it is clear that this is equivalent to the identity function. □
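As an added example, not part of the paper, the following Python interpreter makes two constructions of this paper concrete on the numerals of the Example above: the finite unrollings F^0, F^1, … of a closed fix-term from Section 3.1 (`unroll`), and the projections π^i as unrollings of the π^∞ term of the Example (`PI_INF`, with the inner bound variables renamed apart for readability). The interpreter, the fuel bound that stands in for divergence, and the addition function `ADD` are this example's own constructions; the language itself (unit, pairs, sums, fix, in/out, case) is the paper's, with types erased. Running it shows the compactness phenomenon of Lemma 3.22 and Theorem 3.36 concretely, namely that a converging evaluation of C{F_ω} is already a converging evaluation of C{F^k} for some finite k, and that π^i acts as the identity on every numeral below i while π^∞ acts as the identity on all of them (the content of Lemmas 3.49 and 3.50).

```python
# Added example (not from the paper): a small call-by-value interpreter for the
# paper's language with types erased. Terms are nested tuples; all names here
# (subst, evaluate, unroll, ADD, PI_INF, ...) are this example's own.

class Diverge(Exception):
    """Raised when the fuel runs out; models a non-terminating evaluation."""

def subst(e, x, s):
    """[s/x]e for a CLOSED term s (no capture possible); bound names shadow."""
    tag = e[0]
    if tag == 'var':
        return s if e[1] == x else e
    if tag == 'lam':
        return e if e[1] == x else ('lam', e[1], subst(e[2], x, s))
    if tag == 'fix':
        return e if x in (e[1], e[2]) else ('fix', e[1], e[2], subst(e[3], x, s))
    if tag == 'unit':
        return e
    return (tag,) + tuple(subst(sub, x, s) for sub in e[1:])

def evaluate(e, fuel):
    """Big-step CBV evaluation of a closed term; fuel[0] bounds the beta steps."""
    while True:
        tag = e[0]
        if tag in ('unit', 'lam', 'fix'):            # already a value
            return e
        if tag in ('pair', 'inl', 'inr', 'in'):      # evaluate the components
            return (tag,) + tuple(evaluate(sub, fuel) for sub in e[1:])
        if tag in ('fst', 'snd', 'out'):             # r-fst, r-snd, r-out
            v = evaluate(e[1], fuel)
            return v[2] if tag == 'snd' else v[1]
        if tag == 'case':                            # r-case-inl / r-case-inr
            v = evaluate(e[1], fuel)
            e = ('app', e[2] if v[0] == 'inl' else e[3], v[1])
            continue
        if tag == 'app':                             # r-beta
            fn, arg = evaluate(e[1], fuel), evaluate(e[2], fuel)
            fuel[0] -= 1
            if fuel[0] < 0:
                raise Diverge()
            if fn[0] == 'lam':
                e = subst(fn[2], fn[1], arg)
            else:   # (fix f(x).e) v  ->  [fix f(x).e, v / f, x] e
                e = subst(subst(fn[3], fn[1], fn), fn[2], arg)
            continue
        raise ValueError(tag)

def unroll(F, n):
    """F^0 = fix f(x).f x and F^{n+1} = lam x.[F^n/f]e, as in Section 3.1."""
    _, f, x, body = F
    Fn = ('fix', f, x, ('app', ('var', f), ('var', x)))
    for _ in range(n):
        Fn = ('lam', x, subst(body, f, Fn))
    return Fn

def nat(n):
    """Numerals in rho = 1 + rho: zero = in (inl *), succ m = in (inr m)."""
    v = ('in', ('inl', ('unit',)))
    for _ in range(n):
        v = ('in', ('inr', v))
    return v

def to_int(v):
    n = 0
    while v[1][0] == 'inr':
        n, v = n + 1, v[1][1]
    return n

def run(fn_term, arg, fuel=2000):
    """Apply a closed function term to a closed value; None models divergence."""
    try:
        return to_int(evaluate(('app', fn_term, arg), [fuel]))
    except Diverge:
        return None

# add = fix f(p). case(out (fst p), lam u. snd p, lam m. in (inr (f (m, snd p))))
# (constructed; recursion on the first component, so the call depth on (m, n) is m + 1)
ADD = ('fix', 'f', 'p',
       ('case', ('out', ('fst', ('var', 'p'))),
        ('lam', 'u', ('snd', ('var', 'p'))),
        ('lam', 'm', ('in', ('inr', ('app', ('var', 'f'),
                                     ('pair', ('var', 'm'), ('snd', ('var', 'p')))))))))

# pi^infinity for tau_rho = 1 + rho: the term of the Example, inner binders renamed apart
PI_INF = ('fix', 'pi', 'x',
          ('in', ('app',
                  ('lam', 'y', ('case', ('var', 'y'),
                      ('lam', 'u', ('inl', ('app', ('lam', 'u', ('var', 'u')), ('var', 'u')))),
                      ('lam', 'z', ('inr', ('app', ('lam', 'z', ('app', ('var', 'pi'), ('var', 'z'))),
                                                   ('var', 'z')))))),
                  ('out', ('var', 'x')))))

def least_unrolling(F, arg, bound=50):
    """Smallest k such that F^k arg converges: the finite witness behind Lemma 3.22."""
    for k in range(bound):
        if run(unroll(F, k), arg) is not None:
            return k
    return None
```

`least_unrolling(F, v)` returns the smallest k for which F^k v converges; for `ADD` on the pair (m, n) it is m + 1, and for `PI_INF` on the numeral n it is n + 1, so every unrolling π^i with i > n already maps n to itself, while π^0 (the term fix π(x:ρ).π x) diverges on every input.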


For all τ and all i ≥ 0, we define

Π^i_τ  = [π^i/π]Π_τ : τ → τ

Finally, for all τ, we define

Π^∞_τ  = [π^∞/π]Π_τ : τ → τ

The  following  Lemmas  3.38-3.41  express  that  the  above  definitions  do 
indeed  define  terms. 

Lemma 3.38 For all τ, [π : ρ → ρ] ⊢ Π_τ : τ → τ.

Proof By induction on τ. □

Lemma 3.39 ⊢ π^∞ : ρ → ρ.

Proof By Lemma 3.38 and the strengthening lemma for typing. □

Lemma 3.40 For all τ, ⊢ Π^∞_τ : τ → τ.

Proof By Lemmas 3.38 and 3.39 and substitution for typing. □

Lemma 3.41 For all τ, for all i ≥ 0, ⊢ Π^i_τ : τ → τ; and for all i ≥ 0, ⊢ π^i : ρ → ρ.

Proof Simultaneously by induction on (i, τ) ordered lexicographically. □

We aim to show that π^∞ is operationally equivalent to the identity function λx:ρ.x. To this end we need a series of simple lemmas, which we now proceed to establish.

Lemma 3.42 If ⊢ e ≈ * : 1 then

1. For all i ≥ 0, ⊢ Π^i_1 e ≈ * : 1.

2. ⊢ Π^∞_1 e ≈ * : 1.

Lemma 3.43 If ⊢ e ≈ (v1, v2) : τ1 × τ2, then

1. For all i ≥ 0, ⊢ Π^i_{τ1×τ2} e ≈ (Π^i_{τ1} v1, Π^i_{τ2} v2) : τ1 × τ2.

2. ⊢ Π^∞_{τ1×τ2} e ≈ (Π^∞_{τ1} v1, Π^∞_{τ2} v2) : τ1 × τ2.

Proof We show 1; 2 is similar. Let i ≥ 0 be arbitrary. Assume ⊢ e ≈ (v1, v2) : τ1 × τ2. Then by Lemma 3.5, e ⇓, i.e., there exists a v such that e ↦* v. By the Canonical Forms Lemma (Lemma 2.11), v = (v1', v2') for some v1' and v2'. Hence

Π^i_{τ1×τ2} e = (λx:τ1×τ2.(Π^i_{τ1} (fst x), Π^i_{τ2} (snd x))) (e) ↦* (Π^i_{τ1} v1', Π^i_{τ2} v2')

Thus by Lemma 3.7, ⊢ Π^i_{τ1×τ2} e ≈ (Π^i_{τ1} v1', Π^i_{τ2} v2') : τ1 × τ2 and ⊢ e ≈ (v1', v2') : τ1 × τ2. By transitivity of ≈, we have ⊢ (v1, v2) ≈ (v1', v2') : τ1 × τ2. By Lemma 3.9 it then follows that ⊢ v1 ≈ v1' : τ1 and ⊢ v2 ≈ v2' : τ2. Hence it follows, by composition of evaluation contexts, that ⊢ Π^i_{τ1} v1 ≈ Π^i_{τ1} v1' : τ1 and ⊢ Π^i_{τ2} v2 ≈ Π^i_{τ2} v2' : τ2. Hence, by Lemma 3.9, ⊢ Π^i_{τ1×τ2} (e) ≈ (Π^i_{τ1} v1, Π^i_{τ2} v2) : τ1 × τ2, as required. □


Lemma 3.44

1. If ⊢ e ≈ inl_{τ2} v : τ1 + τ2, then

(a) For all i ≥ 0, ⊢ Π^i_{τ1+τ2} e ≈ inl_{τ2} (Π^i_{τ1} v) : τ1 + τ2.

(b) ⊢ Π^∞_{τ1+τ2} e ≈ inl_{τ2} (Π^∞_{τ1} v) : τ1 + τ2.

2. If ⊢ e ≈ inr_{τ1} v : τ1 + τ2, then

(a) For all i ≥ 0, ⊢ Π^i_{τ1+τ2} e ≈ inr_{τ1} (Π^i_{τ2} v) : τ1 + τ2.

(b) ⊢ Π^∞_{τ1+τ2} e ≈ inr_{τ1} (Π^∞_{τ2} v) : τ1 + τ2.

Lemma 3.45 If ⊢ e ≈ v : τ1 → τ2, then

1. For all i ≥ 0, ⊢ Π^i_{τ1→τ2} e ≈ λx:τ1.Π^i_{τ2} (v (Π^i_{τ1} x)) : τ1 → τ2.

2. ⊢ Π^∞_{τ1→τ2} e ≈ λx:τ1.Π^∞_{τ2} (v (Π^∞_{τ1} x)) : τ1 → τ2.

Proof We show 1; 2 is similar. Let i ≥ 0 be arbitrary. Assume ⊢ e ≈ v : τ1 → τ2. Then by Lemmas 3.5, 3.7, and 3.8, there exists a v' such that e ↦* v' and ⊢ v ≈ v' : τ1 → τ2. Hence,

Π^i_{τ1→τ2} (e) ↦* Π^i_{τ1→τ2} (v') ↦ λx:τ1.Π^i_{τ2} (v' (Π^i_{τ1} (x)))

so by Lemma 3.7

⊢ Π^i_{τ1→τ2} (e) ≈ λx:τ1.Π^i_{τ2} (v' (Π^i_{τ1} (x))) : τ1 → τ2

We now claim that

⊢ λx:τ1.Π^i_{τ2} (v (Π^i_{τ1} (x))) ≈ λx:τ1.Π^i_{τ2} (v' (Π^i_{τ1} (x))) : τ1 → τ2   (25)

from which the required follows by transitivity. By Corollary 3.14, to show the claim (25), it suffices to show that

⊢ (λx:τ1.Π^i_{τ2} (v (Π^i_{τ1} (x)))) (v1) ≈ (λx:τ1.Π^i_{τ2} (v' (Π^i_{τ1} (x)))) (v1) : τ2   (26)

where v1 ∈ Val_{τ1} is arbitrary. Clearly, the left hand side in (26) is operationally equivalent to Π^i_{τ2} (v (Π^i_{τ1} (v1))) and the right hand side is operationally equivalent to Π^i_{τ2} (v' (Π^i_{τ1} (v1))), but these two expressions are operationally equivalent because v and v' are operationally equivalent and by composition of evaluation contexts (with the context Π^i_{τ2} (_{τ1→τ2} (Π^i_{τ1} (v1)))). Hence, by transitivity, the desired (26) follows. □


Lemma 3.46 If ⊢ e ≈ in v : ρ, then Π^0_ρ e ⇑.

Lemma 3.47 If ⊢ e ≈ in v : ρ, then

1. For all i ≥ 1, ⊢ Π^i_ρ e ≈ in (Π^{i-1}_{τ_ρ} v) : ρ.

2. ⊢ Π^∞_ρ e ≈ in (Π^∞_{τ_ρ} v) : ρ.

Lemma 3.48 If ⊢ e ≈ in v : ρ, then

1. For all i ≥ 1, ⊢ π^i e ≈ in (Π^{i-1}_{τ_ρ} v) : ρ.

2. ⊢ π^∞ e ≈ in (Π^∞_{τ_ρ} v) : ρ.

Lemma 3.49 For all τ and for all i ≥ 0, ⊢ Π^i_τ ⪯ λx:τ.x : τ → τ.

Proof By Lemma 3.6 and Corollary 3.14 it suffices to show, for all τ, for all v ∈ Val_τ, for all E{_{τ→τ} v} ∈ ECtx_1,

E{Π^i_τ v} ≲ E{v}   (27)

We show this by induction on (i, τ) ordered lexicographically. We proceed by cases on τ.

Case τ = 1: Follows by Lemma 3.42.

Case τ = 0: Vacuously true since Val_0 = ∅.

Case τ = ρ: We consider two cases, i = 0 and i > 0.

SubCase i = 0: Follows trivially by Lemma 3.46.

SubCase i > 0: By the Canonical Forms Lemma (Lemma 2.11), v = in v' for some v' ∈ Val_{τ_ρ}. Assume E{Π^i_ρ (in v')} ↦* *. Then by Lemma 3.47 (with e = in v' and using reflexivity of ≈ and noting that i > 0 by assumption) we also have that E{in (Π^{i-1}_{τ_ρ} v')} ↦* *. Note that i − 1 ≥ 0 as i > 0 by assumption and that (i − 1, τ_ρ) < (i, τ) in the lexicographical order, so we can apply induction to get E{in v'} ↦* *, which is the required.

Case τ = τ1 × τ2: Follows by Lemma 3.43 and induction on (i, τ1) and (i, τ2).

Case τ = τ1 + τ2: Follows by Lemma 3.44 and induction on (i, τ1) or (i, τ2) depending on whether v = inl_{τ2} v' or v = inr_{τ1} v'.

Case τ = τ1 → τ2: Follows by Lemma 3.45 and Corollary 3.14, induction on (i, τ1) and induction on (i, τ2). □

We  are  now  in  a  position  to  show  one  half  of  the  operational  equivalence 
of  7r°°  and  the  identity  function,  namely  that  7r°°  approximates  the  identity 
function. 

Lemma 3.50 ⊢ π^∞ ⪯ λx:ρ.x : ρ → ρ

Proof By Corollary 3.37, it suffices to show

∀i ∈ N : ⊢ π^i ⪯ λx:ρ.x : ρ → ρ   (28)

We show this by induction on i.

Basis (i = 0): By Lemma 3.6, Corollary 3.14 and the Canonical Forms Lemma (Lemma 2.11), it suffices to show, for all E{_ρ (in v)} ∈ ECtx_1 and all v ∈ Val_{τ_ρ},

E{π^0 (in v)} ≲ E{in v}

Recalling that π^0 = fix π(x:ρ).π x, the required follows immediately.

Inductive Step: We assume (28) holds for i and show for i + 1. By Lemma 3.6, Corollary 3.14 and the Canonical Forms Lemma (Lemma 2.11), it suffices to show, for all E{_ρ (in v)} ∈ ECtx_1 and all v ∈ Val_{τ_ρ},

E{π^{i+1} (in v)} ≲ E{in v}

To this end, assume

E{π^{i+1} (in v)} ↦* *   (29)

Then by Lemma 3.47 (with e = in v and using reflexivity of ≈ and noting that i + 1 ≥ 1 as i ≥ 0 by the assumption that i ∈ N) we also have that

E{in (Π^i_{τ_ρ} v)} ↦* *   (30)

Then by Lemma 3.49, also E{in v} ↦* *, as required. □


Next  we  aim  to  show  the  other  half  of  the  operational  equivalence  of 
7 t°°  and  the  identity  function,  that  is,  that  the  identity  function  opera¬ 
tionally  approximates  7r°°.  We  shall  employ  an  idea  of  Mason,  Smith,  and 
Talcott  [11]. 

We  now  proceed  to  show  idempotency  of  11^°  and  7r°°.  The  strategy  is 
to  show  lemmas  for  U].  and  tt1  and  then  use  compactness  of  evaluation  to 
get  the  desired  results. 

Lemma 3.51 For all i ≥ 0 and for all τ, ⊢ Π^i_τ ⪯ λx:τ.Π^∞_τ (Π^∞_τ x) : τ → τ.

Proof By Corollary 3.14 it suffices to show, for all i ≥ 0, for all v ∈ Val_τ, and for all E{_{τ→τ} v} ∈ ECtx_1,

E{Π^i_τ v} ≲ E{(λx:τ.Π^∞_τ (Π^∞_τ x)) v}

This can be shown by induction on (i, τ) ordered lexicographically. □

Lemma 3.52 For all i ≥ 0, ⊢ π^i ⪯ λx:ρ.π^∞ (π^∞ x) : ρ → ρ.

Proof Follows by Lemma 3.51. □

Lemma 3.53 For all i ≥ 0 and for all τ, ⊢ λx:τ.Π^i_τ (Π^i_τ x) ⪯ Π^∞_τ : τ → τ.

Proof By Corollary 3.14 it suffices to show, for all i ≥ 0, for all v ∈ Val_τ, and for all E{_{τ→τ} v} ∈ ECtx_1,

E{(λx:τ.Π^i_τ (Π^i_τ x)) v} ≲ E{Π^∞_τ v}

This can be shown by induction on (i, τ) ordered lexicographically. □

Lemma 3.54 For all i ≥ 0, ⊢ λx:ρ.π^i (π^i x) ⪯ π^∞ : ρ → ρ.

Proof Follows by Lemma 3.53. □

Lemma 3.55 For all τ, ⊢ Π^∞_τ ⪯ λx:τ.Π^∞_τ (Π^∞_τ x) : τ → τ.

Proof By Corollary 3.37, with C = _{τ→τ}, and Lemma 3.51. □

Lemma 3.56 ⊢ π^∞ ⪯ λx:ρ.π^∞ (π^∞ x) : ρ → ρ.

Proof By Corollary 3.37, with C = _{ρ→ρ}, and Lemma 3.52. □

Lemma 3.57 For all τ, ⊢ λx:τ.Π^∞_τ (Π^∞_τ x) ⪯ Π^∞_τ : τ → τ.

Proof By Corollary 3.37, with C = λx:τ._1 (_2 x) with _1 and _2 of type τ → τ, and Lemma 3.53. □

Lemma 3.58 ⊢ λx:ρ.π^∞ (π^∞ x) ⪯ π^∞ : ρ → ρ.

Proof By Corollary 3.37, with C = λx:ρ._1 (_2 x) with _1 and _2 of type ρ → ρ, and Lemma 3.54. □

Corollary 3.59 For all e ∈ Exp_τ and for all E{_τ} ∈ ECtx_{τ'}, ⊢ E{Π^∞_τ (Π^∞_τ e)} ≈ E{Π^∞_τ e} : τ'.

Proof Follows by Lemmas 3.55 and 3.57. □

Corollary 3.60 For all e ∈ Exp_ρ and for all E{_ρ} ∈ ECtx_τ, ⊢ E{π^∞ (π^∞ e)} ≈ E{π^∞ e} : τ.

Proof Follows by Lemmas 3.56 and 3.58. □

We then define a "compilation" relation for expressions that annotates terms with syntactic projections. The relation Γ ⊢ e : τ ⇒ |e| is defined by induction on Γ ⊢ e : τ by the axioms and inference rules in Figure 2. It is easy to see that if Γ ⊢ e : τ, then Γ ⊢ e : τ ⇒ |e|, for some |e|.

Lemma 3.61 If Γ ⊢ e : τ ⇒ |e|, then Γ ⊢ |e| : τ.

Proof By induction on Γ ⊢ e : τ ⇒ |e|. □

For any E{_τ} ∈ ECtx_{τ'}, we define |E| as follows. Clearly, [z : τ] ⊢ E{z} : τ'. Thus for some e', [z : τ] ⊢ E{z} : τ' ⇒ e'. By induction on the derivation there will be one free occurrence of z in e'. We define |E| = [_τ/z]e', and by the remarks given here and Lemma 3.61, |E|{_τ} ∈ ECtx_{τ'}.

Lemma 3.62 For all e ∈ Exp_τ(Γ) and for all expression substitutions γ for Γ, if Γ ⊢ e : τ ⇒ |e|, then ⊢ Π^∞_τ (γ|e|) ≈ γ|e| : τ.
(tr-var)    Γ ⊢ x : τ ⇒ Π^∞_τ x        (Γ(x) = τ)

(tr-one)    Γ ⊢ * : 1 ⇒ Π^∞_1 *

(tr-prod)   Γ ⊢ e1 : τ1 ⇒ |e1|     Γ ⊢ e2 : τ2 ⇒ |e2|
            ------------------------------------------------------
            Γ ⊢ (e1, e2) : τ1 × τ2 ⇒ Π^∞_{τ1×τ2} (|e1|, |e2|)

(tr-fst)    Γ ⊢ e : τ1 × τ2 ⇒ |e|
            ------------------------------
            Γ ⊢ fst e : τ1 ⇒ fst |e|

(tr-snd)    Γ ⊢ e : τ1 × τ2 ⇒ |e|
            ------------------------------
            Γ ⊢ snd e : τ2 ⇒ snd |e|

(tr-inl)    Γ ⊢ e : τ1 ⇒ |e|
            ----------------------------------------------------
            Γ ⊢ inl_{τ2} e : τ1 + τ2 ⇒ Π^∞_{τ1+τ2} (inl_{τ2} |e|)

(tr-inr)    Γ ⊢ e : τ2 ⇒ |e|
            ----------------------------------------------------
            Γ ⊢ inr_{τ1} e : τ1 + τ2 ⇒ Π^∞_{τ1+τ2} (inr_{τ1} |e|)

(tr-case)   Γ ⊢ e1 : τ1 + τ2 ⇒ |e1|     Γ ⊢ e2 : τ1 → τ ⇒ |e2|     Γ ⊢ e3 : τ2 → τ ⇒ |e3|
            ---------------------------------------------------------------------------
            Γ ⊢ case(e1, e2, e3) : τ ⇒ case(|e1|, |e2|, |e3|)

(tr-fix)    Γ[f : τ1 → τ2][x : τ1] ⊢ e : τ2 ⇒ |e|
            ----------------------------------------------------------------   (f, x ∉ Dom(Γ))
            Γ ⊢ fix f(x:τ1).e : τ1 → τ2 ⇒ Π^∞_{τ1→τ2} (fix f(x:τ1).|e|)

(tr-app)    Γ ⊢ e1 : τ2 → τ ⇒ |e1|     Γ ⊢ e2 : τ2 ⇒ |e2|
            ------------------------------------------------
            Γ ⊢ e1 e2 : τ ⇒ |e1| |e2|

(tr-out)    Γ ⊢ e : ρ ⇒ |e|
            ------------------------------
            Γ ⊢ out e : τ_ρ ⇒ out |e|

(tr-in)     Γ ⊢ e : τ_ρ ⇒ |e|
            ------------------------------
            Γ ⊢ in e : ρ ⇒ Π^∞_ρ (in |e|)

Figure 2: Definition of Γ ⊢ e : τ ⇒ |e|.
Proof By induction on $\Gamma \vdash e : \tau \Rightarrow |e|$.

Case TR-VAR, TR-ONE, TR-PROD, TR-INL, TR-INR, TR-FIX, TR-IN: Use Corollary 3.59.

Case TR-FST: By induction we get that
$$\vdash \gamma|e| \approx \Pi^\infty_{\tau_1 \times \tau_2}(\gamma|e|) : \tau_1 \times \tau_2 \quad (31)$$
We are to show $\vdash \mathrm{fst}\,(\gamma|e|) \approx \Pi^\infty_{\tau_1}(\mathrm{fst}\,(\gamma|e|)) : \tau_1$. If $\gamma|e| \Uparrow$ then it follows by Lemma 2.15. Thus assume that $\gamma|e| \Downarrow$, that is, that there exists $v \in \mathit{Val}_{\tau_1 \times \tau_2}$ such that $\gamma|e| \mapsto^* v$. By the Canonical Forms Lemma (Lemma 2.11), $v = (v_1, v_2)$ for some $v_1, v_2$. By (31), Lemmas 3.7 and 3.43 and transitivity of $\approx$,
$$\vdash \gamma|e| \approx (\Pi^\infty_{\tau_1} v_1, \Pi^\infty_{\tau_2} v_2) : \tau_1 \times \tau_2 \quad (32)$$
By Lemmas 3.7, 3.8, 3.9, and (32), we get
$$\vdash \mathrm{fst}\,(\gamma|e|) \approx \Pi^\infty_{\tau_1} v_1 : \tau_1 \quad (33)$$
Further, again using Lemmas 3.7 and 3.9,
$$\vdash \mathrm{fst}\,(\gamma|e|) \approx v_1 : \tau_1 \quad (34)$$
so by composition of evaluation contexts, (34) gives
$$\vdash \Pi^\infty_{\tau_1}(\mathrm{fst}\,(\gamma|e|)) \approx \Pi^\infty_{\tau_1} v_1 : \tau_1 \quad (35)$$
which together with (33) gives the required by transitivity and symmetry of $\approx$.

Case TR-SND: Similar to the case for TR-FST.

Case TR-CASE: We are to show that $\vdash \Pi^\infty_\tau(\mathrm{case}(\gamma|e_1|, \gamma|e_2|, \gamma|e_3|)) \approx \mathrm{case}(\gamma|e_1|, \gamma|e_2|, \gamma|e_3|) : \tau$. If $\gamma|e_1| \Uparrow$ then it follows by Lemma 2.15. Thus assume that $\gamma|e_1| \Downarrow$.

SubCase I: Assume $\gamma|e_1| \mapsto^* \mathrm{inl}_{\tau_2}\ v_1$. Then by Lemma 3.7, it suffices to show $\vdash \Pi^\infty_\tau(\gamma|e_2|\ v_1) \approx \gamma|e_2|\ v_1 : \tau$. Assume $\gamma|e_2| \mapsto^* v$ (otherwise the required follows by Lemma 2.15). By induction we have
$$\vdash \gamma|e_2| \approx \Pi^\infty_{\tau_1 \to \tau}(\gamma|e_2|) : \tau_1 \to \tau$$
so by Lemma 3.7 and transitivity of $\approx$ we get
$$\vdash v \approx \Pi^\infty_{\tau_1 \to \tau}\, v : \tau_1 \to \tau$$
Thus it suffices to show
$$\vdash \Pi^\infty_\tau((\Pi^\infty_{\tau_1 \to \tau}\, v)\ v_1) \approx (\Pi^\infty_{\tau_1 \to \tau}\, v)\ v_1 : \tau$$
But
$$(\Pi^\infty_{\tau_1 \to \tau}\, v)\ v_1 \mapsto^* \Pi^\infty_\tau(v\ (\Pi^\infty_{\tau_1} v_1))$$
so by Lemma 3.7 and transitivity of $\approx$ it suffices to show
$$\vdash \Pi^\infty_\tau(\Pi^\infty_\tau(v\ (\Pi^\infty_{\tau_1} v_1))) \approx \Pi^\infty_\tau(v\ (\Pi^\infty_{\tau_1} v_1)) : \tau$$
but this follows from Corollary 3.59.

SubCase II: Assume $\gamma|e_1| \mapsto^* \mathrm{inr}_{\tau_1}\ v_1$. Similar to SubCase I.

Case TR-APP: Follows by induction and Corollary 3.59.

Case TR-OUT: Follows by induction and Corollary 3.59. □

Lemma 3.63 For all $e \in \mathit{Exp}_\tau(\Gamma)$ and for all expression substitutions $\gamma, \gamma'$ for $\Gamma$, if $\vdash \gamma \lesssim \gamma' : \Gamma$ and $\Gamma \vdash e : \tau \Rightarrow |e|$, then $\vdash \gamma|e| \lesssim \gamma'(e) : \tau$.

Proof By induction on $\Gamma \vdash e : \tau \Rightarrow |e|$, using Lemma 3.31 and Lemma 3.50. For rule TR-FIX, by compactness it suffices to show, for all $i \in \mathbb{N}$,
$$\vdash \gamma(\mathrm{fix}\ f^i(x{:}\tau_1).|e|) \lesssim \gamma'(\mathrm{fix}\ f^i(x{:}\tau_1).e) : \tau$$
This is shown by induction on $i$ using the outer induction hypothesis in the inductive step. □

Corollary 3.64 If $\emptyset \vdash e : \tau \Rightarrow |e|$, then $\vdash |e| \lesssim e : \tau$.

Proof By Lemma 3.63. □

Corollary 3.65 For all $E\{\cdot_\tau\} \in \mathit{ECtx}_{\tau'}$ and for all expression substitutions $\gamma$ for $\Gamma = [z : \tau]$, if $[z : \tau] \vdash E\{z\} \Rightarrow |E\{z\}|$, then $\vdash \gamma|E\{z\}| \lesssim \gamma(E\{z\}) : \tau'$.

Proof Follows by Lemma 3.63. □

Lemma 3.66 For all $e \in \mathit{Exp}_\tau$ and for all $E\{\cdot_\tau\} \in \mathit{ECtx}_{\tau'}$:

1. If $[x_1 : \tau_1, \ldots, x_k : \tau_k] \vdash e \Rightarrow |e|$ and $\emptyset \vdash e_1 : \tau_1, \ldots, \emptyset \vdash e_k : \tau_k$, then
$$\vdash |[e_1, \ldots, e_k / x_1, \ldots, x_k]e| \approx [|e_1|, \ldots, |e_k| / x_1, \ldots, x_k]|e| : \tau$$

2. $\vdash |E\{e\}| \approx |E|\{|e|\} : \tau'$

Proof

1. By induction on $[x_1 : \tau_1, \ldots, x_k : \tau_k] \vdash e \Rightarrow |e|$.

2.
$$\begin{aligned}
|E\{e\}| &= |[e/x]E\{x\}| && \text{by Lemma 2.3} \\
&\approx [|e|/x]|E\{x\}| && \text{by 1} \\
&= |E|\{|e|\} && \text{by Lemma 2.3}
\end{aligned}$$
where for the last application of Lemma 2.3 note that the lemma indeed is applicable since $|E|$ is an evaluation context by the remarks on Page 31.

□


Lemma 3.67 For all $\tau$ and for all $v \in \mathit{Val}_\tau$ the following holds.

1. $|v| \Downarrow$

2. $\Pi^\infty_\tau |v| \Downarrow$

Proof By induction on $v$. □


Lemma 3.68 For all $e \in \mathit{Exp}_\tau$, if $\emptyset \vdash e : \tau \Rightarrow |e|$ and $e \mapsto e'$, then $\vdash |e| \approx |e'| : \tau$, where $\emptyset \vdash e' : \tau \Rightarrow |e'|$.

Proof Assume $e \mapsto e'$. Then $e = E\{r\}$ for some evaluation context $E$ and redex $r$. We proceed by cases on the reduction rule applied. We will use Lemmas 3.7 and 3.8 repeatedly without explicit mention.


Case R-OUT: Then $r = \mathrm{out}\,(\mathrm{in}\ v)$ for some $v$. We reason as follows.
$$\begin{aligned}
|e| &= |E\{r\}| \\
&\approx |E|\{|r|\} && \text{by Lemma 3.66, item 2} \\
&= |E|\{|\mathrm{out}\,(\mathrm{in}\ v)|\} && \text{by definition} \\
&= |E|\{\mathrm{out}\,(\Pi^\infty_\rho(\mathrm{in}\ |v|))\} && \text{by definition} \\
&\approx |E|\{\mathrm{out}\,(\Pi^\infty_\rho(\mathrm{in}\ v'))\} && \text{by Lemma 3.67, } \exists v' : |v| \mapsto^* v' \\
&\approx |E|\{\mathrm{out}\,(\mathrm{in}\,(\Pi^\infty_{T\rho}\, v'))\} && \text{by Lemmas 3.31 and 3.47} \\
&\approx |E|\{\mathrm{out}\,(\mathrm{in}\,(\Pi^\infty_{T\rho}\, |v|))\} && \text{as above, since } |v| \mapsto^* v' \\
&\approx |E|\{\mathrm{out}\,(\mathrm{in}\ v'')\} && \text{by Lemma 3.67, } \exists v'' : \Pi^\infty_{T\rho}|v| \mapsto^* v'' \\
&\approx |E|\{v''\} && \text{by R-OUT} \\
&\approx |E|\{|v|\} && \text{by Lemma 3.62} \\
&\approx |e'| && \text{by Lemma 3.66, item 2}
\end{aligned}$$
Case R-BETA: Then $r = (\mathrm{fix}\ f(x{:}\tau_1).e_1)\ v$ for some $e_1$ and $v$. We reason as follows.
$$\begin{aligned}
|e| &\approx |E|\{|(\mathrm{fix}\ f(x{:}\tau_1).e_1)\ v|\} && \text{by Lemma 3.66, item 2} \\
&= |E|\{(\Pi^\infty_{\tau_1 \to \tau_2}(\mathrm{fix}\ f(x{:}\tau_1).|e_1|))\ |v|\} && \text{by definition} \\
&\approx |E|\{(\lambda x{:}\tau_1.\Pi^\infty_{\tau_2}((\mathrm{fix}\ f(x{:}\tau_1).|e_1|)\,(\Pi^\infty_{\tau_1} x)))\ |v|\} && \text{by Lemma 3.45} \\
&\approx |E|\{(\lambda x{:}\tau_1.\Pi^\infty_{\tau_2}((\mathrm{fix}\ f(x{:}\tau_1).|e_1|)\,(\Pi^\infty_{\tau_1} x)))\ v'\} && \text{by Lemma 3.67, } \exists v' : |v| \mapsto^* v' \\
&\approx |E|\{\Pi^\infty_{\tau_2}((\mathrm{fix}\ f(x{:}\tau_1).|e_1|)\,(\Pi^\infty_{\tau_1} v'))\} && \text{by R-BETA} \\
&\approx |E|\{\Pi^\infty_{\tau_2}((\mathrm{fix}\ f(x{:}\tau_1).|e_1|)\,(\Pi^\infty_{\tau_1} |v|))\} && \text{as above, since } |v| \mapsto^* v' \\
&\approx |E|\{\Pi^\infty_{\tau_2}((\mathrm{fix}\ f(x{:}\tau_1).|e_1|)\ |v|)\} && \text{by Lemma 3.62} \\
&\approx |E|\{\Pi^\infty_{\tau_2}((\mathrm{fix}\ f(x{:}\tau_1).|e_1|)\ v')\} && \text{as above, since } |v| \mapsto^* v' \\
&\approx |E|\{\Pi^\infty_{\tau_2}([\mathrm{fix}\ f(x{:}\tau_1).|e_1|, v' / f, x]|e_1|)\} && \text{by R-BETA} \\
&\approx |E|\{\Pi^\infty_{\tau_2}([\mathrm{fix}\ f(x{:}\tau_1).|e_1|, |v| / f, x]|e_1|)\} && \text{by Lemma 3.31} \\
&\approx |E|\{[\mathrm{fix}\ f(x{:}\tau_1).|e_1|, |v| / f, x]|e_1|\} && \text{by Lemma 3.62} \\
&\approx |E|\{|[\mathrm{fix}\ f(x{:}\tau_1).e_1, v / f, x]e_1|\} && \text{by Lemma 3.66, item 1} \\
&\approx |e'| && \text{by Lemma 3.66, item 2}
\end{aligned}$$
Case R-FST: Then $r = \mathrm{fst}\,((v_1, v_2))$ for some $v_1, v_2$. We reason as follows.
$$\begin{aligned}
|e| &\approx |E|\{|\mathrm{fst}\,((v_1, v_2))|\} && \text{by Lemma 3.66, item 2} \\
&= |E|\{\mathrm{fst}\,(\Pi^\infty_{\tau_1 \times \tau_2}(|v_1|, |v_2|))\} && \text{by definition} \\
&\approx |E|\{\mathrm{fst}\,((|v_1|, |v_2|))\} && \text{by Lemma 3.62} \\
&\approx |E|\{\mathrm{fst}\,((v_1', v_2'))\} && \text{by Lemma 3.67, } \exists v_1' : |v_1| \mapsto^* v_1' \text{ and } \exists v_2' : |v_2| \mapsto^* v_2' \\
&\approx |E|\{v_1'\} && \text{by R-FST} \\
&\approx |E|\{|v_1|\} && \text{since } |v_1| \mapsto^* v_1' \\
&\approx |e'| && \text{by Lemma 3.66, item 2}
\end{aligned}$$

Case R-SND: Similar to the R-FST case.

Case R-CASE-INL: Then $r = \mathrm{case}(\mathrm{inl}_{\tau_2}\ v, e_1, e_2)$ for some $v, e_1, e_2$. We reason as follows.
$$\begin{aligned}
|e| &\approx |E|\{|\mathrm{case}(\mathrm{inl}_{\tau_2}\ v, e_1, e_2)|\} && \text{by Lemma 3.66, item 2} \\
&= |E|\{\mathrm{case}(\Pi^\infty_{\tau_1 + \tau_2}(\mathrm{inl}_{\tau_2}\ |v|), |e_1|, |e_2|)\} && \text{by definition} \\
&\approx |E|\{\mathrm{case}(\mathrm{inl}_{\tau_2}\ |v|, |e_1|, |e_2|)\} && \text{by Lemma 3.62} \\
&\approx |E|\{\mathrm{case}(\mathrm{inl}_{\tau_2}\ v', |e_1|, |e_2|)\} && \text{by Lemma 3.67, } \exists v' : |v| \mapsto^* v' \\
&\approx |E|\{|e_1|\ v'\} && \text{by R-CASE-INL} \\
&\approx |E|\{|e_1|\ |v|\} && \text{since } |v| \mapsto^* v' \\
&= |E|\{|e_1\ v|\} && \text{by definition} \\
&\approx |e'| && \text{by Lemma 3.66, item 2}
\end{aligned}$$

Case R-CASE-INR: Similar to the R-CASE-INL case.

□


Lemma 3.69 $\vdash \lambda x{:}\rho.x \lesssim \pi^\infty : \rho \to \rho$

Proof By Corollary 3.14 and the Canonical Forms Lemma (Lemma 2.11) it suffices to show, for all $E\{\cdot_{\rho \to \rho}\,(\mathrm{in}\ v)\} \in \mathit{ECtx}_1$,
$$E\{\lambda x{:}\rho.x\ (\mathrm{in}\ v)\} \lesssim E\{\pi^\infty\,(\mathrm{in}\ v)\}$$
Let $E\{\cdot_{\rho \to \rho}\,(\mathrm{in}\ v)\} \in \mathit{ECtx}_1$ be arbitrary. By Lemma 3.6, it then suffices to show
$$E\{\mathrm{in}\ v\} \lesssim E\{\pi^\infty\,(\mathrm{in}\ v)\}$$
By Corollary 3.64 it then suffices to show
$$E\{\mathrm{in}\ v\} \lesssim E\{\pi^\infty\,|\mathrm{in}\ v|\}$$
Since clearly $\vdash \pi^\infty \approx \Pi^\infty_\rho : \rho \to \rho$, by Lemma 3.62 it then suffices to show
$$E\{\mathrm{in}\ v\} \lesssim E\{|\mathrm{in}\ v|\} \quad (36)$$
Suppose that
$$E\{\mathrm{in}\ v\} \lesssim |E\{\mathrm{in}\ v\}| \quad (37)$$
holds. Assuming this, we can reason as follows:
$$\begin{aligned}
E\{\mathrm{in}\ v\} \mapsto^* * &\Rightarrow |E\{\mathrm{in}\ v\}| \mapsto^* * && \text{by assumption (37)} \\
&\Rightarrow |E|\{|\mathrm{in}\ v|\} \mapsto^* * && \text{by Lemma 3.66, item 2} \\
&\Rightarrow E\{|\mathrm{in}\ v|\} \mapsto^* * && \text{by Corollary 3.65}
\end{aligned}$$
which gives (36) as required.

Thus we are left with showing (37). Clearly this follows from showing, for all closed expressions $e \in \mathit{Exp}_1$,
$$e \mapsto^* * \Rightarrow |e| \mapsto^* *$$
We show this by induction on the length $m$ of the computation of $e \mapsto^* *$.
Basis ($m = 0$): Then $e = *$, whence $|e| = \Pi^\infty_1\, * \mapsto^* *$, as required.
Inductive Step: Assume $e \mapsto e' \mapsto^* *$. Then by induction we get that $|e'| \mapsto^* *$. By Lemma 3.68, also $|e| \mapsto^* *$, as required. □

We are now in a position to establish the following theorem, which we refer to as the syntactic minimal invariance property by analogy to the domain-theoretic work of Pitts [17].

Theorem 3.70 (Syntactic Minimal Invariance) $\vdash \pi^\infty \approx \lambda x{:}\rho.x : \rho \to \rho$

Proof By Lemmas 3.50, 3.69, and 3.3. □
3.3 Summary

In this section we have defined a notion of experimental approximation and experimental equivalence between terms and established some basic equivalences of terms. Further, we have seen that the finite unrollings of a given fix-term form a chain with respect to the approximation pre-order and that the fix-term itself is the least upper bound of this chain. This has been crucial to establish the syntactic minimal invariance property for the recursive type $\rho$, that is, that the projection term $\pi^\infty$ associated with the recursive type $\rho$ is operationally equivalent to the identity term $\lambda x{:}\rho.x$.

In the following we shall show how to construct relations over equivalence classes of terms (with respect to the operational equivalence). The properties established in this section are crucial to this construction; in particular, the syntactic minimal invariance property plays a central role in adapting Pitts' method [17] to our operational setting.

4 Relations

In this and the following section we shall show how to construct a relational interpretation of types over an operational semantics. We shall end up by showing "The Fundamental Theorem of Logical Relations", which states that the relational interpretation of types is sound in the sense that well-typed terms are related to themselves by the relation associated to their type. The constructed relations can be seen to provide a notion of equality of terms, which we shall refer to as "logical equivalence". In Section 6 we define this notion of equivalence and show that it coincides with contextual equivalence. Moreover, we derive a useful coinduction principle for establishing logical equivalence and thus contextual equivalence. This section also provides the necessary understanding for constructing a relational interpretation, which we can use to show the correctness of CPS transformation in Section 7.

In this section we define a universe of relations over equivalence classes of closed expressions, with respect to operational equivalence. Further, we define a notion of admissibility for relations. This corresponds to the notion of admissibility (also known as inclusiveness or completeness) used in domain theory, and is also here used as a condition on relations, which, loosely speaking, allows one to show that a fix-term is in a relation by showing that its approximants are in the relation. Next we show that admissible relations equipped with the obvious ordering form a complete lattice, define relational constructors corresponding to the type constructors of the language, and show that these constructors preserve admissibility.
Throughout this section we will let $n \in \mathbb{N}$ be an arbitrary but fixed natural number, that is, we will consider $n$-ary relations for a fixed, but arbitrary $n \in \mathbb{N}$. We will use the same abbreviations for terms involving fix and for contexts as in Section 3.1. For any set $A$ and natural number $m$ we write $A^m$ for the $m$-ary cartesian product of $A$. For any set $A$ and any equivalence relation $\equiv$ on $A$, we write $A/{\equiv}$ for the set of equivalence classes of $A$ with respect to $\equiv$. To simplify notation we denote each equivalence class by one of its representatives. Moreover, we will simply use $\approx$ for the operational equivalence relation at type $\tau$ (i.e., $(e, e') \in {\approx}$ iff $\vdash e \approx e' : \tau$) when $\tau$ is clear from context.

Definition 4.1 For all $\tau$, we define a universe of $n$-ary relations $\mathit{Rel}_\tau$ as follows.
$$\mathit{Rel}_\tau \stackrel{\mathrm{def}}{=} \mathcal{P}\big((\mathit{Exp}_\tau/{\approx})^n\big)$$
We use $R$ to range over $\mathit{Rel}_\tau$.

Definition 4.2 A relation $R \in \mathit{Rel}_\tau$ is admissible if and only if it satisfies both of the following two conditions.

Strictness: $(e_1, \ldots, e_n) \in R$ if and only if $\big((\forall i \in 1..n : e_i \Uparrow) \vee (\forall i \in 1..n : \exists v_i : e_i \mapsto^* v_i \wedge (v_1, \ldots, v_n) \in R)\big)$

Completeness: For all $i \in 1..n$ and for all $C_i\{\vec p\} \in \mathit{Ctx}_\tau$ with all parameters in $\vec p$ of type $\tau_1 \to \tau_2$ and for all $F = \mathrm{fix}\ f(x{:}\tau_1).e_1 \in \mathit{Exp}_{\tau_1 \to \tau_2}$, and for all $I \in \mathcal{P}_{\mathrm{cof}}(\mathbb{N}^{|\vec p|})$,
$$(\forall \vec m \in I : (C_1\{F_{\vec m}\}, \ldots, C_n\{F_{\vec m}\}) \in R) \Rightarrow \big((C_1\{F_\omega\}, \ldots, C_n\{F_\omega\}) \in R\big)$$

Recall that $C\{\vec p\}$ means that all of the parameters of $C$ are included in $\vec p$, that is, in the completeness condition the contexts $C_i$ are not required to all have the same number of parameters.

The completeness condition on relations is motivated as follows. For simplicity, let us just consider unary relations ($n = 1$). We wish to impose a completeness property that allows us to conclude that $C\{F_\omega\} \in R$ based on whether some collection of finite unrollings of $C\{F_\omega\}$ are in $R$. Clearly, it is not sufficient to establish that $C\{F_i\} \in R$ for some $i \geq 0$, since $C\{F_i\}$ may fail to terminate (and hence lie in $R$ by the strictness condition on relations), whereas $C\{F_\omega\}$ may terminate with some value. This suggests that it may be sufficient to establish that $C\{F_i\} \in R$ for some $i$ such that $C\{F_i\}$ terminates. But such a weak notion of completeness would not be closed under the formation of function spaces between relations. Knowing that $C\{F_i\}$ terminates and that $C\{F_i\} \in R_1 \to R_2$ does not entail that there exists $i'$ such that $C\{F_{i'}\}(e)$ terminates and lies in $R_2$. Consequently we must assume that for every $i$ there is a larger $i'$ such that $C\{F_{i'}\} \in R$, so that in the case of $R = R_1 \to R_2$ we may pick a large enough $i'$ to ensure that an application $C\{F_{i'}\}(e)$ terminates and hence lies in $R_2$. The completeness condition we have stated here ensures that this is the case.

Definition 4.3 For all $\tau$, we define a universe of admissible $n$-ary relations $\mathit{Radm}_\tau$ as follows.
$$\mathit{Radm}_\tau \stackrel{\mathrm{def}}{=} \{\, R \in \mathit{Rel}_\tau \mid R \text{ is admissible} \,\}$$
We also use $R$ to range over $\mathit{Radm}_\tau$.

We now define a series of relational constructors corresponding to the syntactic type constructors. For each of these constructors it is easy to verify that the definition does not depend on the choice of representative of an operational equivalence class.

Definition 4.4
$$R_0 \stackrel{\mathrm{def}}{=} \{\, (e_1, \ldots, e_n) \in (\mathit{Exp}_0/{\approx})^n \mid \forall i \in 1..n : e_i \Uparrow \,\}$$

Definition 4.5
$$R_1 \stackrel{\mathrm{def}}{=} \{\, (e_1, \ldots, e_n) \in (\mathit{Exp}_1/{\approx})^n \mid (\forall i \in 1..n : e_i \Uparrow) \vee (\forall i \in 1..n : e_i \mapsto^* *) \,\}$$

Definition 4.6 For all $R_1 \in \mathit{Rel}_{\tau_1}$ and $R_2 \in \mathit{Rel}_{\tau_2}$,
$$\begin{aligned}
R_1 \times R_2 \stackrel{\mathrm{def}}{=} \{\, (e_1, \ldots, e_n) \in (\mathit{Exp}_{\tau_1 \times \tau_2}/{\approx})^n \mid\ & (\forall i \in 1..n : e_i \Uparrow) \vee {} \\
& (\forall i \in 1..n : \exists v_i, v_i' : \vdash e_i \approx (v_i, v_i') : \tau_1 \times \tau_2 \\
& \quad \wedge (v_1, \ldots, v_n) \in R_1 \wedge (v_1', \ldots, v_n') \in R_2) \,\}
\end{aligned}$$

Definition 4.7 For all $R_1 \in \mathit{Rel}_{\tau_1}$ and $R_2 \in \mathit{Rel}_{\tau_2}$,
$$\begin{aligned}
R_1 + R_2 \stackrel{\mathrm{def}}{=} \{\, (e_1, \ldots, e_n) \in (\mathit{Exp}_{\tau_1 + \tau_2}/{\approx})^n \mid\ & (\forall i \in 1..n : e_i \Uparrow) \vee {} \\
& (\forall i \in 1..n : \exists v_i : \vdash e_i \approx \mathrm{inl}_{\tau_2}\ v_i : \tau_1 + \tau_2 \wedge (v_1, \ldots, v_n) \in R_1) \vee {} \\
& (\forall i \in 1..n : \exists v_i : \vdash e_i \approx \mathrm{inr}_{\tau_1}\ v_i : \tau_1 + \tau_2 \wedge (v_1, \ldots, v_n) \in R_2) \,\}
\end{aligned}$$

Definition 4.8 For all $R_1 \in \mathit{Rel}_{\tau_1}$ and $R_2 \in \mathit{Rel}_{\tau_2}$,
$$\begin{aligned}
R_1 \to R_2 \stackrel{\mathrm{def}}{=} \{\, (e_1, \ldots, e_n) \in (\mathit{Exp}_{\tau_1 \to \tau_2}/{\approx})^n \mid\ & (\forall i \in 1..n : e_i \Uparrow) \vee {} \\
& (\forall i \in 1..n : \exists v_i : \vdash e_i \approx v_i : \tau_1 \to \tau_2 \wedge {} \\
& \quad ((e_1', \ldots, e_n') \in R_1 \Rightarrow (v_1\ e_1', \ldots, v_n\ e_n') \in R_2)) \,\}
\end{aligned}$$

Lemma 4.9 For all $\tau$, $(\mathit{Radm}_\tau, \subseteq)$ is a complete lattice.

Proof By a standard lattice-theory theorem (see, e.g., [2, Theorem 2.16(ii)]) it suffices to show that the greatest lower bound, $\bigwedge S$, exists for every subset $S$ of $\mathit{Radm}_\tau$. Thus let $S$ be an arbitrary subset of $\mathit{Radm}_\tau$. Define $\bigwedge S \stackrel{\mathrm{def}}{=} \bigcap S$. We then have to show

1. $\bigwedge S \in \mathit{Radm}_\tau$

2. $\bigwedge S$ is the greatest lower bound of $S$

Item 2 is obvious by the definitions. To prove item 1 we have to show that the two conditions in the definition of admissibility are satisfied. They both follow easily using the fact that each $R \in S$ is admissible. □

We now proceed to show that the relational constructors preserve admissibility. To this end we shall employ the following lemma about the $\Downarrow_F$ relation, which was defined in Section 3.1.

Lemma 4.10 For all $i \in 1..n$ and for all contexts $C_i\{\vec p\}$ and all value contexts $V_i\{\vec p_i\}$ satisfying $C_i\{\vec p\} \Downarrow_F V_i\{\vec p_i\}$, there exists a $\vec p'$ such that for all $i \in 1..n$, $C_i\{\vec p\} \Downarrow_F V_i\{\vec p'\}$ and furthermore, for all $I \in \mathcal{P}_{\mathrm{cof}}(\mathbb{N}^{|\vec p|})$, letting
$$I_i \stackrel{\mathrm{def}}{=} \{\, \vec m \vec m' \mid \vec m \in I \wedge C_i\{F_{\vec m}\} \mapsto^* V_i\{F_{\vec m'}\} \,\} \in \mathcal{P}_{\mathrm{cof}}(\mathbb{N}^{|\vec p| + |\vec p'|})$$
then
$$I' = \bigcap_{i=1}^{n} I_i$$
is a cofinal subset of $\mathbb{N}^{|\vec p| + |\vec p'|}$.

Proof Since $\Downarrow_F$ is preserved under renaming of parameters we can assume without loss of generality that all parameters $\vec p_j$ are distinct. Let $\vec p' = \vec p_1 \cdots \vec p_n$. The result follows by Lemma 3.20 and simple properties of cofinal sets (it is the fact that each $V_i$ involves a distinct subset of the parameters of $\vec p'$ that ensures that the intersection defining $I'$ indeed is a cofinal set). □


We will also make use of the following lemma to show admissibility of the relational constructors.

Lemma 4.11 For all $i \in 1..n$, all $C_i\{\vec p\}$, and for all $R_1 \in \mathit{Radm}_{\tau_1}$ and $R_2 \in \mathit{Radm}_{\tau_2}$, if the following conditions are all satisfied

1. $R$ is either $R_0$, $R_1$, $R_1 \times R_2$, $R_1 + R_2$, or $R_1 \to R_2$

2. $\forall \vec m \in I \in \mathcal{P}_{\mathrm{cof}}(\mathbb{N}^{|\vec p|}) : (C_1\{F_{\vec m}\}, \ldots, C_n\{F_{\vec m}\}) \in R$

3. each $R$ is strict

then
$$(\forall i \in 1..n : C_i\{F_\omega\} \Uparrow) \vee (\forall i \in 1..n : C_i\{F_\omega\} \Downarrow)$$

Proof By contradiction using Lemma 3.22. □

Lemma 4.12 For all $R_1 \in \mathit{Radm}_{\tau_1}$ and all $R_2 \in \mathit{Radm}_{\tau_2}$, $R_1 \times R_2 \in \mathit{Radm}_{\tau_1 \times \tau_2}$.

Proof We are to show that the two conditions of admissibility hold.

Strictness: Follows by Lemmas 3.5, 3.7, and 3.8.

Completeness: Let $I \in \mathcal{P}_{\mathrm{cof}}(\mathbb{N}^{|\vec p|})$. Assume
$$\forall \vec m \in I : (C_1\{F_{\vec m}\}, \ldots, C_n\{F_{\vec m}\}) \in R_1 \times R_2 \quad (38)$$
By Lemma 4.11 (note that we have already argued that the strictness condition of admissibility is satisfied) there are two cases to consider.

Case I: $\forall i \in 1..n : C_i\{F_\omega\} \Uparrow$. Then the desired follows by definition of $R_1 \times R_2$.

Case II: $\forall i \in 1..n : C_i\{F_\omega\} \Downarrow$. Then $\forall i \in 1..n : \exists v_i : C_i\{F_\omega\} \mapsto^* v_i$. By Lemma 3.22, for all $i \in 1..n$ there exists a $V_i\{\vec p_i\}$ such that $v_i = V_i\{F_\omega\}$ and $C_i\{\vec p\} \Downarrow_F V_i\{\vec p_i\}$. Thus by Lemma 4.10, there exists a $\vec p'$ such that for all $i \in 1..n$, $C_i\{\vec p\} \Downarrow_F V_i\{\vec p'\}$ and
$$I_i \stackrel{\mathrm{def}}{=} \{\, \vec m \vec m' \mid \vec m \in I \wedge C_i\{F_{\vec m}\} \mapsto^* V_i\{F_{\vec m'}\} \,\} \in \mathcal{P}_{\mathrm{cof}}(\mathbb{N}^{|\vec p| + |\vec p'|})$$
and
$$I' = \bigcap_{i=1}^{n} I_i \in \mathcal{P}_{\mathrm{cof}}(\mathbb{N}^{|\vec p| + |\vec p'|})$$
Let
$$I'' \stackrel{\mathrm{def}}{=} \{\, \vec m' \mid \vec m \in I \wedge \vec m \vec m' \in I' \,\}$$
Clearly, $I'' \in \mathcal{P}_{\mathrm{cof}}(\mathbb{N}^{|\vec p'|})$. By (38), Lemma 3.7 and the definition of $I''$, we have
$$\forall \vec m \in I'' : (V_1\{F_{\vec m}\}, \ldots, V_n\{F_{\vec m}\}) \in R_1 \times R_2 \quad (39)$$
By the Canonical Forms Lemma, for all $i \in 1..n$, there exist $V_{i1}, V_{i2}$ such that $V_i = (V_{i1}, V_{i2})$, and by (39) and the definition of $R_1 \times R_2$ we then have
$$\forall \vec m \in I'' : (V_{11}\{F_{\vec m}\}, \ldots, V_{n1}\{F_{\vec m}\}) \in R_1 \quad (40)$$
and
$$\forall \vec m \in I'' : (V_{12}\{F_{\vec m}\}, \ldots, V_{n2}\{F_{\vec m}\}) \in R_2 \quad (41)$$
By admissibility of $R_1$ and (40) we then get
$$(V_{11}\{F_\omega\}, \ldots, V_{n1}\{F_\omega\}) \in R_1 \quad (42)$$
and by admissibility of $R_2$ and (41) we get
$$(V_{12}\{F_\omega\}, \ldots, V_{n2}\{F_\omega\}) \in R_2 \quad (43)$$
Hence, by definition of $R_1 \times R_2$ we then have
$$(V_1\{F_\omega\}, \ldots, V_n\{F_\omega\}) \in R_1 \times R_2 \quad (44)$$
which together with Lemma 3.7 (and recalling that the relations are over equivalence classes w.r.t. operational equivalence) gives that
$$(C_1\{F_\omega\}, \ldots, C_n\{F_\omega\}) \in R_1 \times R_2$$
as required. □

Lemma 4.13 For all $R_1 \in \mathit{Radm}_{\tau_1}$ and all $R_2 \in \mathit{Radm}_{\tau_2}$, $R_1 + R_2 \in \mathit{Radm}_{\tau_1 + \tau_2}$.

Proof We are to show that the two conditions of admissibility hold.

Strictness: Follows by Lemmas 3.5, 3.7, and 3.8.

Completeness: Let $I \in \mathcal{P}_{\mathrm{cof}}(\mathbb{N}^{|\vec p|})$. Assume
$$\forall \vec m \in I : (C_1\{F_{\vec m}\}, \ldots, C_n\{F_{\vec m}\}) \in R_1 + R_2 \quad (45)$$
By Lemma 4.11 (note that we have already argued that the strictness condition of admissibility is satisfied) there are two cases to consider.

Case I: $\forall i \in 1..n : C_i\{F_\omega\} \Uparrow$. Then the desired follows by definition of $R_1 + R_2$.

Case II: $\forall i \in 1..n : C_i\{F_\omega\} \Downarrow$. Then $\forall i \in 1..n : \exists v_i : C_i\{F_\omega\} \mapsto^* v_i$. By Lemma 3.22, for all $i \in 1..n$ there exists a $V_i\{\vec p_i\}$ such that $v_i = V_i\{F_\omega\}$ and $C_i\{\vec p\} \Downarrow_F V_i\{\vec p_i\}$. Thus by Lemma 4.10, there exists a $\vec p'$ such that for all $i \in 1..n$, $C_i\{\vec p\} \Downarrow_F V_i\{\vec p'\}$ and
$$I_i \stackrel{\mathrm{def}}{=} \{\, \vec m \vec m' \mid \vec m \in I \wedge C_i\{F_{\vec m}\} \mapsto^* V_i\{F_{\vec m'}\} \,\} \in \mathcal{P}_{\mathrm{cof}}(\mathbb{N}^{|\vec p| + |\vec p'|}) \quad (46)$$
and
$$I' = \bigcap_{i=1}^{n} I_i \in \mathcal{P}_{\mathrm{cof}}(\mathbb{N}^{|\vec p| + |\vec p'|})$$
Let
$$I'' \stackrel{\mathrm{def}}{=} \{\, \vec m' \mid \vec m \in I \wedge \vec m \vec m' \in I' \,\}$$
Clearly, $I'' \in \mathcal{P}_{\mathrm{cof}}(\mathbb{N}^{|\vec p'|})$. By (45), Lemma 3.7 and the definition of $I''$, we have
$$\forall \vec m \in I'' : (V_1\{F_{\vec m}\}, \ldots, V_n\{F_{\vec m}\}) \in R_1 + R_2 \quad (47)$$
By the Canonical Forms Lemma,
$$\forall i \in 1..n : \big((\exists V_{i1} : V_i = \mathrm{inl}_{\tau_2}\ V_{i1}) \vee (\exists V_{i2} : V_i = \mathrm{inr}_{\tau_1}\ V_{i2})\big)$$

Claim:
$$(\forall i \in 1..n : \exists V_{i1} : V_i = \mathrm{inl}_{\tau_2}\ V_{i1}) \vee (\forall i \in 1..n : \exists V_{i2} : V_i = \mathrm{inr}_{\tau_1}\ V_{i2})$$

Proof of Claim: By contradiction (of the assumption (45)), using Lemma 3.7 and (46). (End of Proof of Claim)

Thus there are two subcases to consider.

SubCase I: $\forall i \in 1..n : \exists V_{i1} : V_i = \mathrm{inl}_{\tau_2}\ V_{i1}$. Now proceed as in the proof of Lemma 4.12, using admissibility of $R_1$.

SubCase II: $\forall i \in 1..n : \exists V_{i2} : V_i = \mathrm{inr}_{\tau_1}\ V_{i2}$. Now proceed as in the proof of Lemma 4.12, using admissibility of $R_2$.

□


Lemma 4.14 For all $R_1 \in \mathit{Rel}_{\tau_1}$ and all $R_2 \in \mathit{Radm}_{\tau_2}$, $R_1 \to R_2 \in \mathit{Radm}_{\tau_1 \to \tau_2}$.

Proof We are to show that the two conditions of admissibility hold.

Strictness: Follows by Lemmas 3.5, 3.7, and 3.8.

Completeness: Let $I \in \mathcal{P}_{\mathrm{cof}}(\mathbb{N}^{|\vec p|})$. Assume
$$\forall \vec m \in I : (C_1\{F_{\vec m}\}, \ldots, C_n\{F_{\vec m}\}) \in R_1 \to R_2 \quad (48)$$
By Lemma 4.11 (note that we have already argued that the strictness condition of admissibility is satisfied) there are two cases to consider.

Case I: $\forall i \in 1..n : C_i\{F_\omega\} \Uparrow$. Then the desired follows by definition of $R_1 \to R_2$.

Case II: $\forall i \in 1..n : C_i\{F_\omega\} \Downarrow$. Then $\forall i \in 1..n : \exists v_i : C_i\{F_\omega\} \mapsto^* v_i$. By Lemma 3.22, for all $i \in 1..n$ there exists a $V_i\{\vec p_i\}$ such that $v_i = V_i\{F_\omega\}$ and $C_i\{\vec p\} \Downarrow_F V_i\{\vec p_i\}$. Thus by Lemma 4.10, there exists a $\vec p'$ such that for all $i \in 1..n$, $C_i\{\vec p\} \Downarrow_F V_i\{\vec p'\}$ and
$$I_i \stackrel{\mathrm{def}}{=} \{\, \vec m \vec m' \mid \vec m \in I \wedge C_i\{F_{\vec m}\} \mapsto^* V_i\{F_{\vec m'}\} \,\} \in \mathcal{P}_{\mathrm{cof}}(\mathbb{N}^{|\vec p| + |\vec p'|}) \quad (49)$$
and
$$I' = \bigcap_{i=1}^{n} I_i \in \mathcal{P}_{\mathrm{cof}}(\mathbb{N}^{|\vec p| + |\vec p'|})$$
Let
$$I'' \stackrel{\mathrm{def}}{=} \{\, \vec m' \mid \vec m \in I \wedge \vec m \vec m' \in I' \,\}$$
Clearly, $I'' \in \mathcal{P}_{\mathrm{cof}}(\mathbb{N}^{|\vec p'|})$. By (48), Lemma 3.7 and the definition of $I''$, we have
$$\forall \vec m \in I'' : (V_1\{F_{\vec m}\}, \ldots, V_n\{F_{\vec m}\}) \in R_1 \to R_2 \quad (50)$$
Hence by definition of $R_1 \to R_2$
$$\forall \vec m \in I'' : \forall (e_1', \ldots, e_n') \in R_1 : (V_1\{F_{\vec m}\}\ e_1', \ldots, V_n\{F_{\vec m}\}\ e_n') \in R_2 \quad (51)$$
Let $(e_1', \ldots, e_n') \in R_1$ be arbitrary. Then by (51) we have
$$\forall \vec m \in I'' : (V_1\{F_{\vec m}\}\ e_1', \ldots, V_n\{F_{\vec m}\}\ e_n') \in R_2 \quad (52)$$
whence by admissibility of $R_2$, also
$$(V_1\{F_\omega\}\ e_1', \ldots, V_n\{F_\omega\}\ e_n') \in R_2 \quad (53)$$
Since $(e_1', \ldots, e_n')$ was arbitrary and using Lemma 3.7 we have that
$$(C_1\{F_\omega\}, \ldots, C_n\{F_\omega\}) \in R_1 \to R_2$$
as required.

□

Lemma 4.15 $R_1 \in \mathit{Radm}_1$.

Proof We are to show that the two conditions of admissibility hold.

Strictness: Follows by Lemmas 3.5, 3.7, and 3.8.

Completeness: Let $I \in \mathcal{P}_{\mathrm{cof}}(\mathbb{N}^{|\vec p|})$. Assume
$$\forall \vec m \in I : (C_1\{F_{\vec m}\}, \ldots, C_n\{F_{\vec m}\}) \in R_1 \quad (54)$$
By Lemma 4.11 (note that we have already argued that the strictness condition of admissibility is satisfied) there are two cases to consider.

Case I: $\forall i \in 1..n : C_i\{F_\omega\} \Uparrow$. Then the desired follows by definition of $R_1$.

Case II: $\forall i \in 1..n : C_i\{F_\omega\} \Downarrow$. Then $\forall i \in 1..n : C_i\{F_\omega\} \mapsto^* *$. By Lemma 3.22, for all $i \in 1..n$ there exists a $V_i\{\vec p_i\}$ such that $* = V_i\{F_\omega\}$ and $C_i\{\vec p\} \Downarrow_F V_i\{\vec p_i\}$. Thus by Lemma 4.10, there exists a $\vec p'$ such that for all $i \in 1..n$, $C_i\{\vec p\} \Downarrow_F V_i\{\vec p'\}$ and
$$I_i \stackrel{\mathrm{def}}{=} \{\, \vec m \vec m' \mid \vec m \in I \wedge C_i\{F_{\vec m}\} \mapsto^* V_i\{F_{\vec m'}\} \,\} \in \mathcal{P}_{\mathrm{cof}}(\mathbb{N}^{|\vec p| + |\vec p'|}) \quad (55)$$
and
$$I' \stackrel{\mathrm{def}}{=} \bigcap_{i=1}^{n} I_i \in \mathcal{P}_{\mathrm{cof}}(\mathbb{N}^{|\vec p| + |\vec p'|})$$
Let
$$I'' \stackrel{\mathrm{def}}{=} \{\, \vec m' \mid \vec m \in I \wedge \vec m \vec m' \in I' \,\}$$
Clearly, $I'' \in \mathcal{P}_{\mathrm{cof}}(\mathbb{N}^{|\vec p'|})$. Clearly, $V_i = *$. Since $I''$ is cofinal, in particular it is non-empty, so by (54) we have $(*, \ldots, *) \in R_1$. Whence, by Lemma 3.7 we have that
$$(C_1\{F_\omega\}, \ldots, C_n\{F_\omega\}) \in R_1$$
as required.

□


Lemma 4.16 $R_0 \in \mathit{Radm}_0$.

Proof Immediate by the definition of $R_0$ and the fact that, for all $e \in \mathit{Exp}_0$, $e \Uparrow$; the latter follows from progress and the fact that there are no values of type $0$ (formally, by Theorem 2.12 and Lemma 2.11). □


5 Relational Interpretation

In this section we give a relational interpretation of the types of $\mathcal{L}$, that is, an assignment of admissible relations to each type. To interpret the different type constructors we, of course, make use of the corresponding relational constructors defined in the previous section. Our construction follows along the lines of Pitts [17].

Definition 5.1 For all $\tau$, define $[\![\tau]\!] : \mathit{Radm}_\rho \to \mathit{Radm}_\tau$ by induction on $\tau$ as follows.
$$\begin{aligned}
[\![0]\!]R &= R_0 \\
[\![1]\!]R &= R_1 \\
[\![\rho]\!]R &= R \\
[\![\tau_1 \times \tau_2]\!]R &= [\![\tau_1]\!]R \times [\![\tau_2]\!]R \\
[\![\tau_1 + \tau_2]\!]R &= [\![\tau_1]\!]R + [\![\tau_2]\!]R \\
[\![\tau_1 \to \tau_2]\!]R &= [\![\tau_1]\!]R \to [\![\tau_2]\!]R
\end{aligned}$$

Note that the operation $[\![\tau]\!]$ is well-defined by induction on $\tau$ and Lemmas 4.9-4.16.

Definition 5.2 Define $\Phi : \mathit{Radm}_\rho \to \mathit{Radm}_\rho$ by
$$\begin{aligned}
\Phi(R) \stackrel{\mathrm{def}}{=} \{\, (e_1, \ldots, e_n) \in (\mathit{Exp}_\rho/{\approx})^n \mid\ & (\forall i \in 1..n : e_i \Uparrow) \vee (\forall i \in 1..n : \exists v_i : \vdash e_i \approx \mathrm{in}\ v_i : \rho \wedge {} \\
& (v_1, \ldots, v_n) \in [\![T\rho]\!]R) \,\}
\end{aligned}$$

Lemma 5.3 $\Phi$ is well-defined.

Proof First note that the definition does not depend on the chosen equivalence class representatives (by Lemma 3.5 and transitivity of $\approx$). Let $R \in \mathit{Radm}_\rho$. We are to show that $\Phi(R)$ is admissible. Use the fact that $[\![T\rho]\!]R$ is admissible and proceed as in Lemma 4.12. □
Lemma 5.4 $(\mathit{Radm}_\rho^{\mathrm{op}} \times \mathit{Radm}_\rho)$ ordered componentwise is a complete lattice.

Proof Follows by Lemma 4.9. □


Definition 5.5 For all $\tau$, define $[\![\tau]\!]' : (\mathit{Rel}_\rho^{\mathrm{op}} \times \mathit{Radm}_\rho) \to \mathit{Radm}_\tau$ by induction on $\tau$ as follows.
$$\begin{aligned}
[\![0]\!]'(R^-, R^+) &= R_0 \\
[\![1]\!]'(R^-, R^+) &= R_1 \\
[\![\rho]\!]'(R^-, R^+) &= R^+ \\
[\![\tau_1 \times \tau_2]\!]'(R^-, R^+) &= [\![\tau_1]\!]'(R^-, R^+) \times [\![\tau_2]\!]'(R^-, R^+) \\
[\![\tau_1 + \tau_2]\!]'(R^-, R^+) &= [\![\tau_1]\!]'(R^-, R^+) + [\![\tau_2]\!]'(R^-, R^+) \\
[\![\tau_1 \to \tau_2]\!]'(R^-, R^+) &= [\![\tau_1]\!]'(R^+, R^-) \to [\![\tau_2]\!]'(R^-, R^+)
\end{aligned}$$

Note that the operation $[\![\tau]\!]'$ is well-defined by induction on $\tau$ and Lemmas 4.9-4.16. Moreover, note that the first argument to $[\![\tau]\!]'$ is not required to be admissible; this will be useful in the following section.


Definition 5.6 Define $\Psi : (\mathit{Radm}_\rho^{\mathrm{op}} \times \mathit{Radm}_\rho) \to \mathit{Radm}_\rho$ by
$$\begin{aligned}
\Psi(R^-, R^+) \stackrel{\mathrm{def}}{=} \{\, (e_1, \ldots, e_n) \in (\mathit{Exp}_\rho/{\approx})^n \mid\ & (\forall i \in 1..n : e_i \Uparrow) \vee (\forall i \in 1..n : \exists v_i : \vdash e_i \approx \mathrm{in}\ v_i : \rho \wedge {} \\
& (v_1, \ldots, v_n) \in [\![T\rho]\!]'(R^-, R^+)) \,\}
\end{aligned}$$

Lemma 5.7 $\Psi$ is well-defined.

Proof As in the proof of Lemma 5.3. □


Definition 5.8 Define $\Psi^\S : (\mathit{Radm}_\rho^{\mathrm{op}} \times \mathit{Radm}_\rho) \to (\mathit{Radm}_\rho^{\mathrm{op}} \times \mathit{Radm}_\rho)$ as follows.
$$\Psi^\S(R^-, R^+) = (\Psi(R^+, R^-), \Psi(R^-, R^+))$$

Lemma 5.9 $\Psi^\S$ is monotone.

Proof By induction on $\tau$ using monotonicity properties of the relational constructors in the obvious way. □

Definition 5.10 By Lemma 5.9 and 5.4 and Tarski's fixed point theorem, $\Psi^\S$ has a least fixed point $\mathrm{lfp}(\Psi^\S)$. Define $(\Delta^-, \Delta^+) \stackrel{\mathrm{def}}{=} \mathrm{lfp}(\Psi^\S)$.
Lemma 5.11 $(\Delta^-, \Delta^+)$ satisfies the following properties.

1. $\Delta^-, \Delta^+ \in \mathit{Radm}_\rho$

2. $\Delta^- = \Psi(\Delta^+, \Delta^-)$

3. $\Delta^+ = \Psi(\Delta^-, \Delta^+)$

4. for all $(R^-, R^+) \in (\mathit{Radm}_\rho^{\mathrm{op}} \times \mathit{Radm}_\rho)$, if $\Psi^\S(R^-, R^+) \sqsubseteq (R^-, R^+)$ then $R^- \subseteq \Delta^-$ and $R^+ \supseteq \Delta^+$

5. $\Delta^+ \subseteq \Delta^-$

Proof Items 1-3 are obvious. Item 4 follows by the least fixed point property. Item 5 follows by letting $R^- = \Delta^+$ and $R^+ = \Delta^-$ in 4. □

To simplify notation, we write $e : R \subseteq R'$ for
$$\forall (e_1, \ldots, e_n) \in R : (e\ e_1, \ldots, e\ e_n) \in R'.$$
Note that this notation does not depend on the chosen equivalence class representative, so the notation is indeed well-defined.

Lemma  5.12  For  all  i  G  N  and  for  all  r, 

nt:[r]'(A+,A-)c[r]/(A-,A+) 

Proof  By  induction  on  (i,r)  ordered  lexicographically.  We  proceed  by 
cases  on  r. 

Case  r  —  0:  Follows  immediately  by  [0]'(A+,  A")  =  [0]'(A~,  A+)  = 
R0  and  ITq  —  \x:0.x,  for  all  i,  and  Lemma  3.6. 

Case  r  —  1:  As  the  previous  case. 

Case  r  =  p:  Then  [rJ'(A+,  A“)  =  A~  and  [rJ^A-,  A+)  =  A+.  As¬ 
sume  ei,...,en  G  A”.  We  are  to  show  that  (11^  ei, . . .  ,11^  en)  G  A+.  By 
admissibility  of  A”,  in  particular  by  the  strictness  condition  of  admissibility, 
there  are  two  cases  to  consider. 

SubCase  e k  If,  for  all  1  <  k  <  n:  Then  also  11^  e k  if,  for  all  1  <  k  <  n, 
so  by  admissibility  of  A+,  the  required  follows. 

SubCase  e &  If,  for  all  1  <  k  <  n:  Then,  as  A“  =  ^(A+,  A“),  (ei, . . . ,  en)  = 
(in  ui,...,in  vn)  for  some  (ui,...,un)  G  [rp](A+,A“)  (recall  that  we  are 
working  over  equivalence  classes).  There  are  two  subcases. 

SubSubCase  i  =  0:  Then  If,  for  all  1  <  k  <  n,  by  Lemma  3.46,  so 
by  admissibility  of  A+,  the  required  follows. 
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SubSubCase  i  >  0:  Then  by  Lemma  3.47  (aplicable  as  i  >  1),  h  II‘,  e  ~ 
in  (II)"1  vk)  ■  p ■  By  induction  (note  that  ( i  —  1  ,rp)  <  ( i,p )  in  the  lexi¬ 
cographic  order),  we  get  that  (U^vi , . . .  ,W~plvn  )  G  [tpJ(A",  A+).  By 
admissibility  there  are  two  cases  to  consider. 

SubSubSubCase  II*"1  vk  ft,  for  all  1  <  k  <  n:  Then  also  Wp  ek  ft,  for  all 
1  <  k  <  n,  so  by  admissibility  of  [p](A",  A+),  the  required  follows. 

SubSubSubCase  II);1  vk  fl,  for  all  1  <  k  <  n:  Then  II);1  vk  =  v'k,  for  all 
1  <k  <n  such  that  (v[,  ■■■,v'n)  G  [rpJ(A",  A+),  whence  by  Lemma  3.11,  h 
Wp  ek  fa  in  v'k  :  p,  for  all  1  <  k  <  n,  so  by  definition  of  4>,  (II),  ei, . . .  Wp  en )  G 
\&(A",A+)  =  A+  =  [p](A+,  A"),  as  required. 

Case $\tau = \tau_1 \times \tau_2$: Then $[\![\tau]\!]'(\Delta^+,\Delta^-) = [\![\tau_1]\!]'(\Delta^+,\Delta^-) \times [\![\tau_2]\!]'(\Delta^+,\Delta^-)$ and $[\![\tau]\!]'(\Delta^-,\Delta^+) = [\![\tau_1]\!]'(\Delta^-,\Delta^+) \times [\![\tau_2]\!]'(\Delta^-,\Delta^+)$. Assume $(e_1,\ldots,e_n) \in [\![\tau]\!]'(\Delta^+,\Delta^-)$. We are to show that $(\Pi^i_\tau\, e_1,\ldots,\Pi^i_\tau\, e_n) \in [\![\tau]\!]'(\Delta^-,\Delta^+)$. By admissibility there are two cases to consider.

SubCase $e_k \Uparrow$, for all $1 \le k \le n$: Easy.

SubCase $e_k \Downarrow$, for all $1 \le k \le n$: Then by definition of $[\![\tau_1]\!]'(\Delta^+,\Delta^-) \times [\![\tau_2]\!]'(\Delta^+,\Delta^-)$, $e_k = (v'_k, v''_k)$, for all $1 \le k \le n$, with $(v'_1,\ldots,v'_n) \in [\![\tau_1]\!]'(\Delta^+,\Delta^-)$ and $(v''_1,\ldots,v''_n) \in [\![\tau_2]\!]'(\Delta^+,\Delta^-)$. By Lemma 3.43, $\vdash \Pi^i_\tau\, e_k \approx (\Pi^i_{\tau_1}\, v'_k,\ \Pi^i_{\tau_2}\, v''_k) : \tau_1 \times \tau_2$, for all $1 \le k \le n$. By induction on $(i,\tau_1)$, $(\Pi^i_{\tau_1}\, v'_1,\ldots,\Pi^i_{\tau_1}\, v'_n) \in [\![\tau_1]\!]'(\Delta^-,\Delta^+)$. By induction on $(i,\tau_2)$, $(\Pi^i_{\tau_2}\, v''_1,\ldots,\Pi^i_{\tau_2}\, v''_n) \in [\![\tau_2]\!]'(\Delta^-,\Delta^+)$. By admissibility of $[\![\tau_1]\!]'(\Delta^-,\Delta^+)$ and $[\![\tau_2]\!]'(\Delta^-,\Delta^+)$, there are three subcases to consider.

SubSubCase $\Pi^i_{\tau_1}\, v'_k \Uparrow$, for all $1 \le k \le n$: Easy using Lemma 3.43.

SubSubCase $\Pi^i_{\tau_2}\, v''_k \Uparrow$, for all $1 \le k \le n$: Easy using Lemma 3.43.

SubSubCase $\vdash \Pi^i_{\tau_1}\, v'_k \approx \bar v'_k : \tau_1$ for some $(\bar v'_1,\ldots,\bar v'_n) \in [\![\tau_1]\!]'(\Delta^-,\Delta^+)$ and $\vdash \Pi^i_{\tau_2}\, v''_k \approx \bar v''_k : \tau_2$ for some $(\bar v''_1,\ldots,\bar v''_n) \in [\![\tau_2]\!]'(\Delta^-,\Delta^+)$: By Lemma 3.9, $\vdash \Pi^i_\tau\, e_k \approx (\bar v'_k, \bar v''_k) : \tau_1 \times \tau_2$, so by definition of $[\![\tau_1]\!]'(\Delta^-,\Delta^+) \times [\![\tau_2]\!]'(\Delta^-,\Delta^+)$, the required follows.

Case $\tau = \tau_1 + \tau_2$: Similar to the case for $\tau = \tau_1 \times \tau_2$, using Lemmas 3.44 and 3.10.

Case $\tau = \tau_1 \to \tau_2$: Then $[\![\tau]\!]'(\Delta^+,\Delta^-) = [\![\tau_1]\!]'(\Delta^-,\Delta^+) \to [\![\tau_2]\!]'(\Delta^+,\Delta^-)$ and $[\![\tau]\!]'(\Delta^-,\Delta^+) = [\![\tau_1]\!]'(\Delta^+,\Delta^-) \to [\![\tau_2]\!]'(\Delta^-,\Delta^+)$. Assume $(e_1,\ldots,e_n) \in [\![\tau]\!]'(\Delta^+,\Delta^-)$. We are to show that $(\Pi^i_\tau\, e_1,\ldots,\Pi^i_\tau\, e_n) \in [\![\tau]\!]'(\Delta^-,\Delta^+)$. By admissibility there are two cases to consider.

SubCase $e_k \Uparrow$, for all $1 \le k \le n$: Easy.

SubCase $e_k \Downarrow$, for all $1 \le k \le n$: Then $(e_1,\ldots,e_n) = (v_1,\ldots,v_n)$ for some $(v_1,\ldots,v_n) \in [\![\tau]\!]'(\Delta^+,\Delta^-)$. By definition of $\to$ we thus have

$$(e'_1,\ldots,e'_n) \in [\![\tau_1]\!]'(\Delta^-,\Delta^+) \Rightarrow (v_1\, e'_1,\ldots,v_n\, e'_n) \in [\![\tau_2]\!]'(\Delta^+,\Delta^-) \qquad (56)$$

By Lemma 3.45, for all $1 \le k \le n$,

$$\vdash \Pi^i_\tau\, e_k \approx \lambda x{:}\tau_1.\,\Pi^i_{\tau_2}\,(v_k\,(\Pi^i_{\tau_1}\, x)) : \tau_1 \to \tau_2$$

Assume $(e'_1,\ldots,e'_n) \in [\![\tau_1]\!]'(\Delta^+,\Delta^-)$. By definition of $\to$ it then suffices to show that

$$((\lambda x{:}\tau_1.\,\Pi^i_{\tau_2}\,(v_1\,(\Pi^i_{\tau_1}\, x)))\, e'_1,\ \ldots,\ (\lambda x{:}\tau_1.\,\Pi^i_{\tau_2}\,(v_n\,(\Pi^i_{\tau_1}\, x)))\, e'_n) \in [\![\tau_2]\!]'(\Delta^-,\Delta^+)$$

By admissibility there are two subcases.

SubSubCase $e'_k \Uparrow$, for all $1 \le k \le n$: Easy.

SubSubCase $e'_k \Downarrow$, for all $1 \le k \le n$: Then $(e'_1,\ldots,e'_n) = (v'_1,\ldots,v'_n)$ for some $(v'_1,\ldots,v'_n) \in [\![\tau_1]\!]'(\Delta^+,\Delta^-)$. Then, for all $1 \le k \le n$,

$$\vdash (\lambda x{:}\tau_1.\,\Pi^i_{\tau_2}\,(v_k\,(\Pi^i_{\tau_1}\, x)))\, e'_k \approx \Pi^i_{\tau_2}\,(v_k\,(\Pi^i_{\tau_1}\, v'_k)) : \tau_2$$

By induction on $(i,\tau_1)$, $(\Pi^i_{\tau_1}\, v'_1,\ldots,\Pi^i_{\tau_1}\, v'_n) \in [\![\tau_1]\!]'(\Delta^-,\Delta^+)$. Hence, by (56),

$$(v_1\,(\Pi^i_{\tau_1}\, v'_1),\ldots,v_n\,(\Pi^i_{\tau_1}\, v'_n)) \in [\![\tau_2]\!]'(\Delta^+,\Delta^-)$$

By admissibility there are two cases to consider.

SubSubCase $v_k\,(\Pi^i_{\tau_1}\, v'_k) \Uparrow$, for all $1 \le k \le n$: Easy.

SubSubCase $v_k\,(\Pi^i_{\tau_1}\, v'_k) \Downarrow$, for all $1 \le k \le n$: Then $(v_1\,(\Pi^i_{\tau_1}\, v'_1),\ldots,v_n\,(\Pi^i_{\tau_1}\, v'_n)) = (v''_1,\ldots,v''_n)$ for some $(v''_1,\ldots,v''_n) \in [\![\tau_2]\!]'(\Delta^+,\Delta^-)$. Then, for all $1 \le k \le n$, $\vdash \Pi^i_{\tau_2}\,(v_k\,(\Pi^i_{\tau_1}\, v'_k)) \approx \Pi^i_{\tau_2}\, v''_k : \tau_2$, and by induction on $(i,\tau_2)$, $(\Pi^i_{\tau_2}\, v''_1,\ldots,\Pi^i_{\tau_2}\, v''_n) \in [\![\tau_2]\!]'(\Delta^-,\Delta^+)$. Hence by admissibility of $[\![\tau_2]\!]'(\Delta^-,\Delta^+)$ and transitivity of $\approx$, the required follows. □


Lemma 5.13 For all $i \in \mathbb{N}$, $\pi^i : \Delta^- \subseteq \Delta^+$.

Proof By induction on $i$.

Basis ($i = 0$): Assume $(e_1,\ldots,e_n) \in \Delta^-$. By Lemma 3.46 and since $\vdash \pi^0 \approx \Pi^0_\rho : \rho \to \rho$, $\pi^0\, e_k \Uparrow$, for all $1 \le k \le n$. Hence, by admissibility of $\Delta^+$, $(\pi^0\, e_1,\ldots,\pi^0\, e_n) \in \Delta^+$, as required.

Inductive Step: We assume it holds for $i$ and show it for $i+1$. Assume $(e_1,\ldots,e_n) \in \Delta^-$. By admissibility of $\Delta^-$ there are two cases to consider.

SubCase $e_k \Uparrow$, for all $1 \le k \le n$: Easy.

SubCase $(e_1,\ldots,e_n) = (\mathit{in}\ v_1,\ldots,\mathit{in}\ v_n)$ for some $(v_1,\ldots,v_n) \in [\![\tau_\rho]\!]'(\Delta^+,\Delta^-)$: By Lemma 3.47 (applicable as $i+1 \ge 1$), $\vdash \pi^{i+1}\, e_k \approx \mathit{in}\,(\Pi^i_{\tau_\rho}\, v_k) : \rho$, for all $1 \le k \le n$. By Lemma 5.12, $(\Pi^i_{\tau_\rho}\, v_1,\ldots,\Pi^i_{\tau_\rho}\, v_n) \in [\![\tau_\rho]\!]'(\Delta^-,\Delta^+)$. By admissibility of $[\![\tau_\rho]\!]'(\Delta^-,\Delta^+)$, there are two subcases to consider.

SubSubCase $\Pi^i_{\tau_\rho}\, v_k \Uparrow$, for all $1 \le k \le n$: Easy using Lemma 3.5.

SubSubCase $(\Pi^i_{\tau_\rho}\, v_1,\ldots,\Pi^i_{\tau_\rho}\, v_n) = (v'_1,\ldots,v'_n)$ for some $(v'_1,\ldots,v'_n) \in [\![\tau_\rho]\!]'(\Delta^-,\Delta^+)$: Then by transitivity and Lemma 3.7, $\vdash \pi^{i+1}\, e_k \approx \mathit{in}\ v'_k : \rho$, for all $1 \le k \le n$, so by definition of $\Phi$, $(\pi^{i+1}\, e_1,\ldots,\pi^{i+1}\, e_n) \in \Phi(\Delta^-,\Delta^+) = \Delta^+$, as required. □


Lemma 5.14 $\pi^\infty : \Delta^- \subseteq \Delta^+$.

Proof Let $(e_1,\ldots,e_n) \in \Delta^-$. We are to show that $(\pi^\infty\, e_1,\ldots,\pi^\infty\, e_n) \in \Delta^+$. By admissibility of $\Delta^+$ (Lemma 5.11, item 1), with $I = \mathbb{N}$ in the definition of admissibility, it suffices to show $\forall i \in \mathbb{N} : (\pi^i\, e_1,\ldots,\pi^i\, e_n) \in \Delta^+$. But this follows from Lemma 5.13. □

Lemma 5.15 $\Delta^- \subseteq \Delta^+$.

Proof By Lemma 5.14, Theorem 3.70 and the fact that admissible relations are over equivalence classes w.r.t. operational equivalence. □

Lemma 5.16 $\Delta^- = \Delta^+$.

Proof By Lemmas 5.11 and 5.15. □

Definition 5.17 $\Delta \stackrel{\mathrm{def}}{=} \Delta^+$.

Definition 5.18 For all $\tau$ define $R_\tau \stackrel{\mathrm{def}}{=} [\![\tau]\!]\Delta^+$.

This completes the construction of relations $R_\tau$ for all $\tau$.

We  now  aim  to  show  “The  Fundamental  Theorem  of  Logical  Relations” 
which  states  that  the  relational  interpretation  of  types  is  sound  in  the  sense 
that  well-typed  terms  are  related  to  themselves  by  the  relation  associated 
to  their  type.  To  this  end  we  first  extend  the  interpretation  of  types  as 
relations  to  type  environments. 
Definition 5.19 For all type environments $\Gamma$,

$$R_\Gamma = \{ (\gamma_1,\ldots,\gamma_n) \mid (\forall i \in 1..n : \gamma_i \text{ is an expression substitution for } \Gamma) \wedge (\forall x \in \mathrm{Dom}(\Gamma) : (\gamma_1(x),\ldots,\gamma_n(x)) \in R_{\Gamma(x)}) \}$$

Theorem 5.20 If $\Gamma \vdash e : \tau$ and $(\gamma_1,\ldots,\gamma_n) \in R_\Gamma$, then $(\gamma_1(e),\ldots,\gamma_n(e)) \in R_\tau$.

Proof (Sketch) By induction on $\Gamma \vdash e : \tau$. In the case for T-FIX, by admissibility of the relations $R_\tau$, for all $\tau$, it suffices to show, for all $i \in \mathbb{N}$,

$$(\mathit{fix}\ f^i(x{:}\tau_1).\gamma_1(e),\ \ldots,\ \mathit{fix}\ f^i(x{:}\tau_1).\gamma_n(e)) \in R_{\tau_1 \to \tau_2}$$

but this is easy to show by an inner induction on $i$ using the outer induction hypothesis. □


6 Logical Equivalence

In this section we shall be concerned with binary relations (i.e., $n = 2$) as constructed in the previous section. The relations can be used to define a notion of logical equivalence as follows.

Definition 6.1 (Logical Equivalence) For all $e, e' \in \mathit{Exp}_\tau$ we define $\vdash e\ R_\tau\ e'$ if and only if $(e,e') \in R_\tau$.

(Recall that $e$ and $e'$ denote the equivalence classes, w.r.t. operational equivalence, of $e$ and $e'$ respectively in the expression $(e,e') \in R_\tau$.)

Theorem 6.2 If $\vdash e \approx e' : \tau$ then $\vdash e\ R_\tau\ e'$.

Proof By Theorem 5.20. □

Theorem 6.3 If $\vdash e\ R_\tau\ e'$ then $\vdash e \approx e' : \tau$.

Proof Suppose $\vdash e\ R_\tau\ e'$. Let $E\{\_\tau\} \in \mathit{ECtx}_1$ be arbitrary. Further let $\Gamma = \{x \mapsto \tau\}$ and let $e_0 = E\{x\}$, $\gamma = \{x \mapsto e\}$, and $\gamma' = \{x \mapsto e'\}$. Then we have that $\Gamma \vdash e_0 : 1$ and $(\gamma,\gamma') \in R_\Gamma$. Thus by Theorem 5.20, we get that $(\gamma(e_0),\gamma'(e_0)) \in R_1$. Thus $(E\{e\},E\{e'\}) \in R_1$, so by definition of $R_1$, we have that $E\{e\} \simeq E\{e'\}$. Hence as $E$ was arbitrary, we have $\vdash e \approx e' : \tau$, as required. □
Definition 6.4 (Open Logical Equivalence) For all $e$ and $e'$, if $\Gamma \vdash e : \tau$ and $\Gamma \vdash e' : \tau$, then we define $\Gamma \vdash e\ R_\tau\ e'$ if and only if for all value substitutions $\gamma$ and $\gamma'$ for $\Gamma$ satisfying $(\gamma,\gamma') \in R_\Gamma$, $\vdash \gamma(e)\ R_\tau\ \gamma'(e')$.

Theorem 6.5 $\Gamma \vdash e \approx e' : \tau$ if and only if $\Gamma \vdash e\ R_\tau\ e'$.

Proof Suppose $\Gamma \vdash e \approx e' : \tau$ and let $\gamma$ and $\gamma'$ be value substitutions satisfying $(\gamma,\gamma') \in R_\Gamma$. Then $\forall x \in \mathrm{Dom}(\Gamma) : \vdash \gamma(x)\ R_{\Gamma(x)}\ \gamma'(x)$. Hence by Theorem 6.3, $\forall x \in \mathrm{Dom}(\Gamma) : \vdash \gamma(x) \approx \gamma'(x) : \Gamma(x)$. Thus from our assumption we get that $\vdash \gamma(e) \approx \gamma'(e') : \tau$, so by Theorem 6.2, $\vdash \gamma(e)\ R_\tau\ \gamma'(e')$, as required.

For the other direction, suppose that $\Gamma \vdash e\ R_\tau\ e'$. Let $\gamma$ and $\gamma'$ be value substitutions such that $\forall x \in \mathrm{Dom}(\Gamma) : \vdash \gamma(x) \approx \gamma'(x) : \Gamma(x)$. Then by Theorem 6.2, we have that $\forall x \in \mathrm{Dom}(\Gamma) : \vdash \gamma(x)\ R_{\Gamma(x)}\ \gamma'(x)$. Thus from our assumption we get that $\vdash \gamma(e)\ R_\tau\ \gamma'(e')$, so by Theorem 6.3, $\vdash \gamma(e) \approx \gamma'(e') : \tau$, as required. □

In summary, what we have so far is that contextual equivalence is equivalent to open experimental equivalence, which is in turn equivalent to open logical equivalence. In symbols

$$\Gamma \vdash e \approx_C e' : \tau \iff \Gamma \vdash e \approx e' : \tau \qquad \text{Corollary 3.35}$$
$$\phantom{\Gamma \vdash e \approx_C e' : \tau} \iff \Gamma \vdash e\ R_\tau\ e' \qquad \text{Theorem 6.5}$$

Hence we may use logical equivalence to prove experimental and contextual equivalence. This is especially useful, as we shall now show, since we can derive a useful coinduction principle for establishing logical equivalence. One can also derive an induction principle, but we shall not go into that here. These principles are derived in a manner analogous to the way in which Pitts [17] derives such principles. For reasons of space, we shall be less formal in our presentation of these reasoning principles than we are elsewhere.

Theorem 6.6 For all $R^- \in \mathit{Rel}_\rho$ and for all $R^+ \in \mathit{Radm}_\rho$, the following inference rule is valid:

$$\frac{\mathit{out} : R^- \subseteq [\![\tau_\rho]\!]'(R^+,R^-) \qquad \mathit{in} : [\![\tau_\rho]\!]'(R^-,R^+) \subseteq R^+}{R^- \subseteq \Delta \subseteq R^+}$$

Remark 6.7 Note that $R^-$ is not required to be admissible. (If $R^-$ was required to be admissible then the theorem would essentially just be a restatement of Lemma 5.11, item f.)

Proof The idea of the proof is to show that, under the given assumptions, $\pi^\infty : R^- \subseteq \Delta$ and $\pi^\infty : \Delta \subseteq R^+$, and then use the syntactic minimal invariance to get the conclusion. Since $\Delta$ (as shown earlier) and $R^+$ (by assumption) are both admissible, we can show this by showing it for the finite unrollings of $\pi^\infty$, as in the proof of Lemma 5.14. For the finite unrollings of $\pi^\infty$, one proceeds as in the proofs of Lemmas 5.12 and 5.13. □

We now show how to specialize Theorem 6.6 to a coinduction principle and give some examples of how to use it. More examples of the kind found in [16] may also be treated this way.

Theorem 6.8 (Coinduction Principle) For all $R \in \mathit{Rel}_\rho$, if $\mathit{in} : [\![\tau_\rho]\!]'(R,\Delta) \subseteq \Delta$, then the following inference rule is valid:

$$\frac{\mathit{out} : R \subseteq [\![\tau_\rho]\!]'(\Delta,R)}{R \subseteq \Delta}$$

Remark 6.9 Note that $R$ is not required to be admissible.

Proof By Theorem 6.6, letting $R^- = R$ and $R^+ = \Delta$ and using that $[\![\tau_\rho]\!]'(R,\Delta) \subseteq \Delta$. □

Example For the purpose of this example, we shall assume that we have another ground type $N$ and that $\tau_\rho = 1 + N \times \rho$, such that $\rho$ is intuitively the type of lists of natural numbers. Moreover, assume $R_N$ is the obvious equality relation on the type $N$ (essentially defined analogously to $R_1$).

Then $[\![\tau_\rho]\!]'(R,\Delta) = R_1 + R_N \times \Delta$, for any $R$, and thus, by definition of $\Delta$, $\mathit{in} : [\![\tau_\rho]\!]'(R,\Delta) = R_1 + R_N \times \Delta \subseteq \Delta$. Hence, for any $R \in \mathit{Rel}_\rho$, we have that the following inference rule is valid:

$$\frac{\mathit{out} : R \subseteq R_1 + R_N \times R}{R \subseteq \Delta}$$

Unwinding the definitions, this rule says that if, whenever $e\ R\ e'$, then either

1. $\mathit{out}\ e \Uparrow \wedge \mathit{out}\ e' \Uparrow$; or

2. $\mathit{out}\ e \mapsto^* \mathit{inl}_{N \times \rho}\, * \wedge \mathit{out}\ e' \mapsto^* \mathit{inl}_{N \times \rho}\, *$; or

3. $\mathit{out}\ e \mapsto^* \mathit{inr}_1\,(n,v) \wedge \mathit{out}\ e' \mapsto^* \mathit{inr}_1\,(n,v') \wedge v\ R\ v'$;

then $e\ R\ e' \Rightarrow e\ \Delta\ e'$.

Let us now further assume that the list function $\mathit{map}$ is defined as usual:

$$\mathit{map} = \mathit{fix}\ \mathit{map}(f{:}N \to N).\,\lambda x{:}\rho.\ \mathit{case}(\mathit{out}\ x,\ \lambda y{:}\tau_\rho.\,\mathit{in}\,(\mathit{inl}_{N \times \rho}\, *),\ \lambda y{:}\tau_\rho.\,\mathit{in}\,(\mathit{inr}_1\,(f\,(\mathit{fst}\ y),\ \mathit{map}\ f\ (\mathit{snd}\ y))))$$

and that $\mathit{succ}$ is the successor function for the type of natural numbers and that $\circ$ is the functional-composition term. We want to show that $\mathit{map}\ \mathit{succ}\ (\mathit{map}\ \mathit{succ}\ e)$ is experimentally equivalent to $\mathit{map}\ (\mathit{succ} \circ \mathit{succ})\ e$, for all $e : \rho$. By Theorem 6.3 it suffices to show that they are logically equivalent. To show that they are logically equivalent, we can apply our coinduction principle. To this end we let

$$R = \{ (\mathit{map}\ \mathit{succ}\ (\mathit{map}\ \mathit{succ}\ e),\ \mathit{map}\ (\mathit{succ} \circ \mathit{succ})\ e) \mid\ \vdash e : \rho \}.$$

One can now show that whenever $e\ R\ e'$, then the three items above are satisfied. Hence we can conclude that $e\ R\ e'$ implies that $e\ \Delta\ e'$, so recalling that $R_\rho = \Delta$, we have that $\mathit{map}\ \mathit{succ}\ (\mathit{map}\ \mathit{succ}\ e)$ is indeed logically equivalent to $\mathit{map}\ (\mathit{succ} \circ \mathit{succ})\ e$, for all $e$ such that $\vdash e : \rho$. □

Example In this example, we shall again assume that we have a type of natural numbers $N$. We shall consider streams of natural numbers. Streams are implemented by means of functions, as is often the case in languages with call-by-value semantics. Thus we shall consider the case where $\tau_\rho = 1 \to N \times \rho$. Then one can show that $\mathit{in} : [\![\tau_\rho]\!]'(R,\Delta) = R_1 \to R_N \times \Delta \subseteq \Delta$.

Hence, for any $R \in \mathit{Rel}_\rho$, we have that the following inference rule is valid:

$$\frac{\mathit{out} : R \subseteq R_1 \to R_N \times R}{R \subseteq \Delta}$$

Unwinding the definitions, this rule says that if, whenever $e\ R\ e'$, then either

1. $\mathit{out}\ e\ * \Uparrow \wedge \mathit{out}\ e'\ * \Uparrow$; or

2. $\mathit{out}\ e\ * \mapsto^* (n,v) \wedge \mathit{out}\ e'\ * \mapsto^* (n,v') \wedge v\ R\ v'$;

then $e\ R\ e' \Rightarrow e\ \Delta\ e'$. Pitts [16] also derives a coinduction principle for infinite streams in his theory of program equivalence based on bisimulation. Pitts' coinduction principle corresponds closely to the one we have obtained here by specializing the recursive type to the type of streams.

Consider the following terms:

$$\mathit{ones} = \mathit{fix}\ \mathit{ones}(x{:}1).\,(1,\ \mathit{in}\,(\lambda x{:}1.\,\mathit{ones}\ *))$$

$$\mathit{twos} = \mathit{fix}\ \mathit{twos}(x{:}1).\,(2,\ \mathit{in}\,(\lambda x{:}1.\,\mathit{twos}\ *))$$

$$\mathit{succstr} = \mathit{fix}\ \mathit{succstr}(s{:}\rho).\,\lambda x{:}1.\,(\lambda p{:}N \times \rho.\,(\mathit{succ}\,(\mathit{fst}\ p),\ \mathit{in}\,(\mathit{succstr}\,(\mathit{snd}\ p))))\,(s\ *)$$

Intuitively, $\mathit{ones}$ is the stream of all ones, $\mathit{twos}$ is the stream of all twos, and $\mathit{succstr}$ is the successor operation on streams, which applies the successor function to every element in the stream. Thus we would expect that $\mathit{succstr}\ \mathit{ones}$ is operationally equivalent to $\mathit{twos}$. We can show this using coinduction, by considering the relation

$$R = \{ (\mathit{twos},\ \mathit{succstr}\ \mathit{ones}) \},$$

because, supposing that $e\ R\ e'$, one can see that item 2 above is satisfied. Thus we conclude that $R \subseteq \Delta$ and thus that $\mathit{succstr}\ \mathit{ones}$ is logically equivalent (and hence operationally equivalent) to $\mathit{twos}$. □


7 Correctness of CPS Transformation

We define the cps transformation as a relation between a "source" and a "target" language. The source language, $\mathcal{L}_\rho$, is just the language $\mathcal{L}$ defined earlier. The target language, $\mathcal{L}_{\rho^*}$, is the variant of $\mathcal{L}$ obtained by replacing the single recursive type $\rho$ by another recursive type $\rho^*$ obtained from $\rho$ by a transformation on types similar to that given by Meyer and Wand [12].

We let $\mathit{Type}_\rho$ denote the set of type expressions of $\mathcal{L}_\rho$, that is $\mathit{Type}_\rho = \mathit{Type}$. The set of target type expressions, denoted $\mathit{Type}_{\rho^*}$, is defined exactly as $\mathit{Type}$, but with $\rho^*$ for $\rho$.

Below we define two type translations from $\mathit{Type}_\rho$ to $\mathit{Type}_{\rho^*}$, one for computations, $\overline{\tau}$, and one for values, $\tau^*$, and extend the one for values to type environments. Note that the case $(\rho)^* = \rho^*$ is not recursive; it reads: "the value type translation of the source type $\rho$ is the target type $\rho^*$."


Computations

$$\overline{\tau} = (\tau^* \to 1) \to 1$$

Values

$$0^* = 0$$

$$1^* = 1$$

$$(\rho)^* = \rho^*$$

$$(\tau_1 \times \tau_2)^* = \tau_1^* \times \tau_2^*$$

$$(\tau_1 + \tau_2)^* = \tau_1^* + \tau_2^*$$

$$(\tau_1 \to \tau_2)^* = \tau_1^* \to \overline{\tau_2}$$

Type Environments

$$\Gamma^*(x) = (\Gamma(x))^* \qquad (x \in \mathrm{Dom}(\Gamma))$$

In the target language $\mathcal{L}_{\rho^*}$ we take the recursive type $\rho^*$ to be isomorphic to $\tau_\rho{}^*$.
$$\frac{}{\Gamma \vdash x : \tau \leadsto_v x}\ (\Gamma(x) = \tau) \qquad \textsc{(cps-var)}$$

$$\frac{}{\Gamma \vdash * : 1 \leadsto_v *} \qquad \textsc{(cps-one)}$$

$$\frac{\Gamma[f : \tau_1 \to \tau_2][x : \tau_1] \vdash e : \tau_2 \leadsto_c e'}{\Gamma \vdash \mathit{fix}\ f(x{:}\tau_1).e : \tau_1 \to \tau_2 \leadsto_v \mathit{fix}\ f(x{:}\tau_1^*).e'}\ (f, x \notin \mathrm{Dom}(\Gamma)) \qquad \textsc{(cps-fix)}$$

$$\frac{\Gamma \vdash v : \tau \leadsto_v v'}{\Gamma \vdash v : \tau \leadsto_c \lambda k{:}\tau^* \to 1.\, k\, v'} \qquad \textsc{(cps-val)}$$

Figure 3: CPS Transformation — Part I

We shall use the same notation for both the source and target language, but we must take care to remember to which language we are referring. Of course, all the results obtained in previous sections for $\mathcal{L}$ hold analogously for both the source and target language (for the source it is obvious as it is equal to $\mathcal{L}$; for the target, just replace $\rho$ with $\rho^*$ and $\tau_\rho$ with $\tau_{\rho^*}$ everywhere) and we will freely refer to these results to reason about both the source and the target language. When we need to distinguish between sets of expressions of the source and the target language, we shall use the notation developed for $\mathcal{L}$ but use a superscript $\rho$ for the source language and a superscript $\rho^*$ for the target language. For example, $\mathit{Exp}^{\rho}_\tau$ denotes the set of closed expressions of type $\tau$ of the source language, whereas $\mathit{Exp}^{\rho^*}_\tau$ denotes the set of closed expressions of type $\tau$ of the target language. Moreover, we will abuse notation and write $e \simeq e'$, for $e \in \mathit{Exp}^{\rho}_1$ and $e' \in \mathit{Exp}^{\rho^*}_1$, to mean that $e$ evaluates to $*$ in $\mathcal{L}_\rho$ if and only if $e'$ evaluates to $*$ in $\mathcal{L}_{\rho^*}$.

The translation relations $\Gamma \vdash v : \tau \leadsto_v v'$ for values and $\Gamma \vdash e : \tau \leadsto_c e'$ for computations are inductively defined by the rules in Figures 3 and 4.

Lemma 7.1

1. $\Gamma \vdash e : \tau \leadsto_c e'$ for some $e'$ iff $\Gamma \vdash e : \tau$.

2. If $\Gamma \vdash v : \tau \leadsto_v v'$, then $\Gamma^* \vdash v' : \tau^*$.

3. If $\Gamma \vdash e : \tau \leadsto_c e'$, then $\Gamma^* \vdash e' : \overline{\tau}$.

We  extend  the  notion  of  experimental  equivalence  to  evaluation  contexts 
as  follows. 
$$\frac{\Gamma \vdash e_1 : \tau_1 \leadsto_c e'_1 \qquad \Gamma \vdash e_2 : \tau_2 \leadsto_c e'_2}{\Gamma \vdash (e_1,e_2) : \tau_1 \times \tau_2 \leadsto_c \lambda k{:}(\tau_1 \times \tau_2)^* \to 1.\, e'_1\,(\lambda x_1{:}\tau_1^*.\, e'_2\,(\lambda x_2{:}\tau_2^*.\, k\,(x_1,x_2)))} \qquad \textsc{(cps-prod)}$$

$$\frac{\Gamma \vdash e : \tau_1 \times \tau_2 \leadsto_c e'}{\Gamma \vdash \mathit{fst}\ e : \tau_1 \leadsto_c \lambda k{:}\tau_1^* \to 1.\, e'\,(\lambda x{:}\tau_1^* \times \tau_2^*.\, k\,(\mathit{fst}\ x))} \qquad \textsc{(cps-fst)}$$

$$\frac{\Gamma \vdash e : \tau_1 \times \tau_2 \leadsto_c e'}{\Gamma \vdash \mathit{snd}\ e : \tau_2 \leadsto_c \lambda k{:}\tau_2^* \to 1.\, e'\,(\lambda x{:}\tau_1^* \times \tau_2^*.\, k\,(\mathit{snd}\ x))} \qquad \textsc{(cps-snd)}$$

$$\frac{\Gamma \vdash e : \tau_1 \leadsto_c e'}{\Gamma \vdash \mathit{inl}_{\tau_2}\ e : \tau_1 + \tau_2 \leadsto_c \lambda k{:}(\tau_1 + \tau_2)^* \to 1.\, e'\,(\lambda x{:}\tau_1^*.\, k\,(\mathit{inl}_{\tau_2^*}\ x))} \qquad \textsc{(cps-inl)}$$

$$\frac{\Gamma \vdash e : \tau_2 \leadsto_c e'}{\Gamma \vdash \mathit{inr}_{\tau_1}\ e : \tau_1 + \tau_2 \leadsto_c \lambda k{:}(\tau_1 + \tau_2)^* \to 1.\, e'\,(\lambda x{:}\tau_2^*.\, k\,(\mathit{inr}_{\tau_1^*}\ x))} \qquad \textsc{(cps-inr)}$$

$$\frac{\Gamma \vdash e_1 : \tau_1 + \tau_2 \leadsto_c e'_1 \qquad \Gamma \vdash e_2 : \tau_1 \to \tau \leadsto_c e'_2 \qquad \Gamma \vdash e_3 : \tau_2 \to \tau \leadsto_c e'_3}{\Gamma \vdash \mathit{case}(e_1,e_2,e_3) : \tau \leadsto_c \lambda k{:}\tau^* \to 1.\, e'_1\,(\lambda x{:}\tau_1^* + \tau_2^*.\, \mathit{case}(x,\ e'_2\, x\, k,\ e'_3\, x\, k))} \qquad \textsc{(cps-case)}$$

$$\frac{\Gamma \vdash e_1 : \tau_2 \to \tau \leadsto_c e'_1 \qquad \Gamma \vdash e_2 : \tau_2 \leadsto_c e'_2}{\Gamma \vdash e_1\, e_2 : \tau \leadsto_c \lambda k{:}\tau^* \to 1.\, e'_1\,(\lambda x_1{:}(\tau_2 \to \tau)^*.\, e'_2\,(\lambda x_2{:}\tau_2^*.\, x_1\, x_2\, k))} \qquad \textsc{(cps-app)}$$

$$\frac{\Gamma \vdash e : \rho \leadsto_c e'}{\Gamma \vdash \mathit{out}\ e : \tau_\rho \leadsto_c \lambda k{:}\tau_\rho{}^* \to 1.\, e'\,(\lambda x{:}\rho^*.\, k\,(\mathit{out}\ x))} \qquad \textsc{(cps-out)}$$

$$\frac{\Gamma \vdash e : \tau_\rho \leadsto_c e'}{\Gamma \vdash \mathit{in}\ e : \rho \leadsto_c \lambda k{:}\rho^* \to 1.\, e'\,(\lambda x{:}\tau_\rho{}^*.\, k\,(\mathit{in}\ x))} \qquad \textsc{(cps-in)}$$

Figure 4: CPS Transformation — Part II
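As an added worked example (not part of the paper), the rules of Figures 3 and 4 applied to the closed source term $\mathit{fst}\,(*,*)$ of type $1$, followed by the evaluation check that Corollary 7.6 promises; it assumes the rules exactly as reconstructed above, and the bound variable names $k_1, k_2, x_1, x_2, y$ are chosen here.

$$
\begin{array}{ll}
\textsc{(cps-one)}, \textsc{(cps-val)}: & \vdash * : 1 \leadsto_c \lambda k{:}1 \to 1.\, k\, * \\[2pt]
\textsc{(cps-prod)}: & \vdash (*,*) : 1 \times 1 \leadsto_c P, \quad P = \lambda k{:}(1 \times 1) \to 1.\, (\lambda k_1{:}1 \to 1.\, k_1\, *)\,(\lambda x_1{:}1.\, (\lambda k_2{:}1 \to 1.\, k_2\, *)\,(\lambda x_2{:}1.\, k\,(x_1,x_2))) \\[2pt]
\textsc{(cps-fst)}: & \vdash \mathit{fst}\,(*,*) : 1 \leadsto_c e', \quad e' = \lambda k{:}1 \to 1.\, P\,(\lambda y{:}1 \times 1.\, k\,(\mathit{fst}\, y))
\end{array}
$$

Here $(1 \times 1)^* = 1^* \times 1^* = 1 \times 1$ by the value type translation, and by Lemma 7.1, item 3, $\vdash e' : \overline{1} = (1 \to 1) \to 1$, so $e'\,(\lambda x{:}1.x)$ is well typed in $\mathcal{L}_{\rho^*}$. Writing $K = \lambda y{:}1 \times 1.\,(\lambda x{:}1.x)\,(\mathit{fst}\,y)$, call-by-value evaluation of the target term gives

$$
\begin{array}{rcl}
e'\,(\lambda x{:}1.x) & \mapsto & P\, K \\
& \mapsto & (\lambda k_1{:}1 \to 1.\, k_1\, *)\,(\lambda x_1{:}1.\, (\lambda k_2{:}1 \to 1.\, k_2\, *)\,(\lambda x_2{:}1.\, K\,(x_1,x_2))) \\
& \mapsto & (\lambda x_1{:}1.\, (\lambda k_2{:}1 \to 1.\, k_2\, *)\,(\lambda x_2{:}1.\, K\,(x_1,x_2)))\, * \\
& \mapsto & (\lambda k_2{:}1 \to 1.\, k_2\, *)\,(\lambda x_2{:}1.\, K\,(*,x_2)) \\
& \mapsto & (\lambda x_2{:}1.\, K\,(*,x_2))\, * \\
& \mapsto & K\,(*,*) \\
& \mapsto & (\lambda x{:}1.x)\,(\mathit{fst}\,(*,*)) \ \mapsto\ (\lambda x{:}1.x)\, * \ \mapsto\ *
\end{array}
$$

while in the source $\mathit{fst}\,(*,*) \mapsto *$. Both sides evaluate to $*$, i.e. $\mathit{fst}\,(*,*) \simeq e'\,(\lambda x{:}1.x)$, which is the instance of Corollary 7.6 for this term.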
Definition 7.2 For all $E\{\_\tau\}, E'\{\_\tau\} \in \mathit{ECtx}_{\tau'}$, we define

$$\vdash E\{\_\tau\} \approx E'\{\_\tau\} : \tau' \iff (\forall e, e' \in \mathit{Exp}_\tau : \vdash e \approx e' : \tau \Rightarrow\ \vdash E\{e\} \approx E'\{e'\} : \tau').$$

As in Section 4 we denote equivalence classes by one of their representatives.

Theorem 7.3 There exists a $\mathit{Type}_\rho$-indexed family of relations

$$\Lambda^c_\tau \subseteq \mathit{Exp}^{\rho}_{\tau}/{\approx} \times \mathit{Exp}^{\rho^*}_{\overline{\tau}}/{\approx}$$

$$\Lambda^v_\tau \subseteq \mathit{Val}^{\rho}_{\tau}/{\approx} \times \mathit{Val}^{\rho^*}_{\tau^*}/{\approx}$$

$$\Lambda^k_\tau \subseteq \mathit{ECtx}^{\rho}_{\tau}/{\approx} \times \mathit{Val}^{\rho^*}_{\tau^* \to 1}/{\approx}$$

satisfying

$$e\ \Lambda^c_\tau\ e' \iff E\{\_\tau\}\ \Lambda^k_\tau\ v' \Rightarrow E\{e\} \simeq e'\, v'$$

$$v\ \Lambda^v_1\ v' \iff v = *,\ v' = *$$

$$v\ \Lambda^v_0\ v' \quad \text{never}$$

$$v\ \Lambda^v_\rho\ v' \iff\ \vdash v \approx \mathit{in}\ v_1 : \rho,\ \vdash v' \approx \mathit{in}\ v'_1 : \rho^*,\ v_1\ \Lambda^v_{\tau_\rho}\ v'_1$$

$$v\ \Lambda^v_{\tau_1 \times \tau_2}\ v' \iff\ \vdash v \approx (v_1,v_2) : \tau_1 \times \tau_2,\ \vdash v' \approx (v'_1,v'_2) : \tau_1^* \times \tau_2^*,\ v_1\ \Lambda^v_{\tau_1}\ v'_1,\ v_2\ \Lambda^v_{\tau_2}\ v'_2$$

$$v\ \Lambda^v_{\tau_1 + \tau_2}\ v' \iff (\vdash v \approx \mathit{inl}_{\tau_2}\ v_1 : \tau_1 + \tau_2,\ \vdash v' \approx \mathit{inl}_{\tau_2^*}\ v'_1 : \tau_1^* + \tau_2^*,\ v_1\ \Lambda^v_{\tau_1}\ v'_1)$$
$$\qquad\qquad\qquad \vee\ (\vdash v \approx \mathit{inr}_{\tau_1}\ v_1 : \tau_1 + \tau_2,\ \vdash v' \approx \mathit{inr}_{\tau_1^*}\ v'_1 : \tau_1^* + \tau_2^*,\ v_1\ \Lambda^v_{\tau_2}\ v'_1)$$

$$v\ \Lambda^v_{\tau_1 \to \tau_2}\ v' \iff v_1\ \Lambda^v_{\tau_1}\ v'_1 \Rightarrow v\, v_1\ \Lambda^c_{\tau_2}\ v'\, v'_1$$

$$E\{\_\tau\}\ \Lambda^k_\tau\ v' \iff v_1\ \Lambda^v_\tau\ v'_1 \Rightarrow E\{v_1\} \simeq v'\, v'_1,$$

and

$$(\forall i \in \mathbb{N} : \mathit{fix}\ f^i(x{:}\tau_1).e\ \Lambda^v_{\tau_1 \to \tau_2}\ \mathit{fix}\ f^i(x{:}\tau_1^*).e') \Rightarrow \mathit{fix}\ f(x{:}\tau_1).e\ \Lambda^v_{\tau_1 \to \tau_2}\ \mathit{fix}\ f(x{:}\tau_1^*).e'.$$

(Note that the conditions satisfied by the relations are all independent of the choice of equivalence class representative and are thus well-defined conditions.)

The proof of this theorem will be postponed until Section 7.1. Now we shall first see how to use the relations that exist by the theorem to prove the correctness of the cps transformation.
Definition 7.4 Let $\Lambda^c_\tau$, $\Lambda^v_\tau$, and $\Lambda^k_\tau$ be relations as in Theorem 7.3. We then define a source type environment indexed family of relations, $\Lambda_\Gamma$, relating source value substitutions for $\Gamma$ modulo experimental equivalence¹ to target value substitutions for $\Gamma^*$ modulo experimental equivalence as follows:

$$\gamma\ \Lambda_\Gamma\ \gamma' \iff \forall x \in \mathrm{Dom}(\Gamma) : \gamma(x)\ \Lambda^v_{\Gamma(x)}\ \gamma'(x)$$

Theorem 7.5

1. If $\Gamma \vdash v : \tau \leadsto_v v'$ and $\gamma\ \Lambda_\Gamma\ \gamma'$, then $\gamma(v)\ \Lambda^v_\tau\ \gamma'(v')$.

2. If $\Gamma \vdash e : \tau \leadsto_c e'$ and $\gamma\ \Lambda_\Gamma\ \gamma'$, then $\gamma(e)\ \Lambda^c_\tau\ \gamma'(e')$.

Proof By simultaneous induction on $\Gamma \vdash v : \tau \leadsto_v v'$ and $\Gamma \vdash e : \tau \leadsto_c e'$. □

Corollary 7.6 (Correctness of cps transformation) If $\vdash e : 1 \leadsto_c e'$, then $e \simeq e'\,(\lambda x{:}1.x)$.

7.1 Construction of Relations for CPS Correctness

In this section we prove Theorem 7.3. This amounts to constructing relations satisfying the conditions in Theorem 7.3. The idea is to proceed as in Sections 4 and 5 but, of course, with a different universe of relations and with different relational constructors.

We define a source type indexed family of universes of relations as follows.

Definition 7.7 For all source types $\tau$, we define a universe of relations

$$\mathit{Rel}_\tau = \mathcal{P}\big((\mathit{Exp}^{\rho}_{\tau}/{\approx}) \times (\mathit{Exp}^{\rho^*}_{\tau^*}/{\approx})\big).$$

We use $R$ to range over $\mathit{Rel}_\tau$.

Notation 7.8 When $I \in \mathcal{P}_{\mathrm{cof}}(\mathbb{N}^{k+l})$ we write "$m m' \in I$" for "$(i_1,\ldots,i_{k+l}) \in I$ and $m = (i_1,\ldots,i_k)$ and $m' = (i_{k+1},\ldots,i_{k+l})$."

As in Section 4, we shall also use a notion of admissibility.

Definition 7.9 A relation $R \in \mathit{Rel}_\tau$ is admissible if and only if it satisfies both of the following conditions.

Strictness: $(e,e') \in R$ iff $(e \Uparrow \wedge e' \Uparrow) \vee (\exists v, v' : e \mapsto^* v \wedge e' \mapsto^* v' \wedge (v,v') \in R)$.

Completeness: For all $C\{p\} \in \mathit{Ctx}^{\rho}$ with all parameters in $p$ of type $\tau_1 \to \tau_2$, for all $C'\{q\} \in \mathit{Ctx}^{\rho^*}$ with all parameters in $q$ of type $(\tau_1 \to \tau_2)^*$, for all $F_\omega = \mathit{fix}\ f(x{:}\tau_1).e \in \mathit{Exp}^{\rho}_{\tau_1 \to \tau_2}$, for all $F'_\omega = \mathit{fix}\ f(x{:}\tau_1^*).e' \in \mathit{Exp}^{\rho^*}_{(\tau_1 \to \tau_2)^*}$,

$$(\forall\, m m' \in I \in \mathcal{P}_{\mathrm{cof}}(\mathbb{N}^{|p|+|q|}) : (C\{F_m\}, C'\{F'_{m'}\}) \in R) \Rightarrow ((C\{F_\omega\}, C'\{F'_\omega\}) \in R).$$

Definition 7.10 For all source types $\tau$, we define a universe of admissible relations $\mathit{Radm}_\tau$ as follows.

$$\mathit{Radm}_\tau \stackrel{\mathrm{def}}{=} \{ R \in \mathit{Rel}_\tau \mid R \text{ is admissible} \}$$

We also use $R$ to range over $\mathit{Radm}_\tau$.

¹ Recall the definition of experimental equivalence for substitutions, Definition 3.26.

We  now  define  a  series  of  relational  type  constructors,  just  as  in  Section  4. 
In  each  case,  one  has  to  check  that  the  definitions  we  give  are  independent 
of  the  chosen  equivalence  class  representative;  this  is  straightforward  in  all 
cases  (it  is  just  like  in  Section  4). 

Definition 7.11

$$R_0 \stackrel{\mathrm{def}}{=} \{ (e,e') \in (\mathit{Exp}^{\rho}_{0}/{\approx}) \times (\mathit{Exp}^{\rho^*}_{0}/{\approx}) \mid e \Uparrow \wedge e' \Uparrow \}$$

Definition 7.12

$$R_1 \stackrel{\mathrm{def}}{=} \{ (e,e') \in (\mathit{Exp}^{\rho}_{1}/{\approx}) \times (\mathit{Exp}^{\rho^*}_{1}/{\approx}) \mid (e \Uparrow \wedge e' \Uparrow) \vee (e \mapsto^* * \wedge e' \mapsto^* *) \}$$

Definition 7.13 For all $R_1 \in \mathit{Rel}_{\tau_1}$ and $R_2 \in \mathit{Rel}_{\tau_2}$,

$$R_1 \times R_2 \stackrel{\mathrm{def}}{=} \{ (e,e') \in (\mathit{Exp}^{\rho}_{\tau_1 \times \tau_2}/{\approx}) \times (\mathit{Exp}^{\rho^*}_{\tau_1^* \times \tau_2^*}/{\approx}) \mid$$
$$\qquad (e \Uparrow \wedge e' \Uparrow) \vee$$
$$\qquad (\exists v_1, v_2, v'_1, v'_2 : \vdash e \approx (v_1,v_2) : \tau_1 \times \tau_2 \wedge \vdash e' \approx (v'_1,v'_2) : \tau_1^* \times \tau_2^* \wedge (v_1,v'_1) \in R_1 \wedge (v_2,v'_2) \in R_2) \}$$

Definition 7.14 For all $R_1 \in \mathit{Rel}_{\tau_1}$ and $R_2 \in \mathit{Rel}_{\tau_2}$,

$$R_1 + R_2 \stackrel{\mathrm{def}}{=} \{ (e,e') \in (\mathit{Exp}^{\rho}_{\tau_1 + \tau_2}/{\approx}) \times (\mathit{Exp}^{\rho^*}_{\tau_1^* + \tau_2^*}/{\approx}) \mid$$
$$\qquad (e \Uparrow \wedge e' \Uparrow) \vee$$
$$\qquad (\exists v, v' : \vdash e \approx \mathit{inl}_{\tau_2}\ v : \tau_1 + \tau_2 \wedge \vdash e' \approx \mathit{inl}_{\tau_2^*}\ v' : \tau_1^* + \tau_2^* \wedge (v,v') \in R_1) \vee$$
$$\qquad (\exists v, v' : \vdash e \approx \mathit{inr}_{\tau_1}\ v : \tau_1 + \tau_2 \wedge \vdash e' \approx \mathit{inr}_{\tau_1^*}\ v' : \tau_1^* + \tau_2^* \wedge (v,v') \in R_2) \}$$

The following relational constructors will be used in the definition of the relational constructor for function types.

Definition 7.15 For all $R \in \mathit{Rel}_\tau$,

$$\Lambda^k_\tau(R) \stackrel{\mathrm{def}}{=} \{ (E\{\_\tau\}, v') \in (\mathit{ECtx}^{\rho}_{\tau}/{\approx}) \times (\mathit{Val}^{\rho^*}_{\tau^* \to 1}/{\approx}) \mid \forall (e,e') \in R : E\{e\} \simeq v'\, e' \}$$

Definition 7.16 For all $R \in \mathit{Rel}_\tau$,

$$\Lambda^c_\tau(R) \stackrel{\mathrm{def}}{=} \{ (e,e') \in (\mathit{Exp}^{\rho}_{\tau}/{\approx}) \times (\mathit{Exp}^{\rho^*}_{\overline{\tau}}/{\approx}) \mid$$
$$\qquad (e \Uparrow \wedge e' \Uparrow) \vee$$
$$\qquad (\exists v, v' : \vdash e \approx v : \tau \wedge \vdash e' \approx v' : \overline{\tau} \wedge \forall (E_0\{\_\tau\}, v'_0) \in \Lambda^k_\tau(R) : E_0\{v\} \simeq v'\, v'_0) \}$$

Definition 7.17 For all $R_1 \in \mathit{Rel}_{\tau_1}$ and $R_2 \in \mathit{Rel}_{\tau_2}$,

$$R_1 \to R_2 \stackrel{\mathrm{def}}{=} \{ (e,e') \in (\mathit{Exp}^{\rho}_{\tau_1 \to \tau_2}/{\approx}) \times (\mathit{Exp}^{\rho^*}_{(\tau_1 \to \tau_2)^*}/{\approx}) \mid$$
$$\qquad (e \Uparrow \wedge e' \Uparrow) \vee$$
$$\qquad (\exists v, v' : \vdash e \approx v : \tau_1 \to \tau_2 \wedge \vdash e' \approx v' : \tau_1^* \to \overline{\tau_2} \wedge \forall (e_1,e'_1) \in R_1 : (v\, e_1, v'\, e'_1) \in \Lambda^c_{\tau_2}(R_2)) \}$$

Note that $R_1 \to R_2$ is antimonotone in $R_1$ and monotone in $R_2$. By proofs exactly analogous to the proofs in Section 4 of the corresponding results, one can now show that $(\mathit{Radm}_\tau, \subseteq)$ is a complete lattice, for all source types $\tau$; a lemma corresponding to Lemma 4.11 holds; $R_0$ and $R_1$ are admissible; and $\times$ and $+$ both preserve admissibility. We now show that $\to$ preserves admissibility:

Lemma 7.18 For all $R_1 \in \mathit{Rel}_{\tau_1}$ and all $R_2 \in \mathit{Radm}_{\tau_2}$, $R_1 \to R_2 \in \mathit{Radm}_{\tau_1 \to \tau_2}$.
Proof The strictness condition is straightforward (as in the proof of Lemma 4.14). For completeness, assume

$$\forall\, m m' \in I \in \mathcal{P}_{\mathrm{cof}}(\mathbb{N}^{|p|+|q|}) : (C\{F_m\}, C'\{F'_{m'}\}) \in R_1 \to R_2. \qquad (57)$$

By the lemma corresponding to Lemma 4.11 there are two cases to consider.

Case I: $C\{F_\omega\} \Uparrow \wedge C'\{F'_\omega\} \Uparrow$: Easy.

Case II: $C\{F_\omega\} \mapsto^* v$ and $C'\{F'_\omega\} \mapsto^* v'$. By two applications of Lemma 3.22, there exist $V\{p_1\}$ and $V'\{q_1\}$ such that

$$v = V\{F_\omega\}, \qquad C\{p\} \mapsto^* V\{p_1\}$$

$$v' = V'\{F'_\omega\}, \qquad C'\{q\} \mapsto^* V'\{q_1\}$$

so

$$I'_1 \stackrel{\mathrm{def}}{=} \{ m m' \mid m n \in I \wedge C\{F_m\} \mapsto^* V\{F_{m'}\} \} \in \mathcal{P}_{\mathrm{cof}}(\mathbb{N}^{|p|+|p_1|})$$

and

$$I'_2 \stackrel{\mathrm{def}}{=} \{ n n' \mid m n \in I \wedge C'\{F'_n\} \mapsto^* V'\{F'_{n'}\} \} \in \mathcal{P}_{\mathrm{cof}}(\mathbb{N}^{|q|+|q_1|}).$$

Thus

$$I'' \stackrel{\mathrm{def}}{=} \{ m' n' \mid m m' \in I'_1 \wedge n n' \in I'_2 \wedge m n \in I \}$$

is cofinal, i.e., $I'' \in \mathcal{P}_{\mathrm{cof}}(\mathbb{N}^{|p_1|+|q_1|})$. By (57), Lemma 3.7, and the definition of $I''$,

$$\forall\, m' n' \in I'' : (V\{F_{m'}\}, V'\{F'_{n'}\}) \in R_1 \to R_2.$$

Hence, by definition of $\to$,

$$\forall\, m' n' \in I'' : \forall (e,e') \in R_1 : (V\{F_{m'}\}\, e,\ V'\{F'_{n'}\}\, e') \in \Lambda^c_{\tau_2}(R_2).$$

Let $m' n' \in I''$ and $(e,e') \in R_1$ be arbitrary. By definition of $\Lambda^c_{\tau_2}(R_2)$ we then have that

$$\forall (E_0\{\_{\tau_2}\}, v'_0) \in \Lambda^k_{\tau_2}(R_2) : E_0\{V\{F_{m'}\}\, e\} \simeq V'\{F'_{n'}\}\, e'\, v'_0. \qquad (58)$$

We are to show that

$$\forall (E_0\{\_{\tau_2}\}, v'_0) \in \Lambda^k_{\tau_2}(R_2) : E_0\{V\{F_\omega\}\, e\} \simeq V'\{F'_\omega\}\, e'\, v'_0. \qquad (59)$$

Let $(E_0\{\_{\tau_2}\}, v'_0) \in \Lambda^k_{\tau_2}(R_2)$ be arbitrary. Suppose $E_0\{V\{F_\omega\}\, e\} \mapsto^* *$. Let $C_{11}\{p_1\} = E_0\{V\{p_1\}\, e\}$. Then by Lemma 3.22,

$$C_{11}\{p_1\} \mapsto^* *.$$

Hence

$$I_{11} \stackrel{\mathrm{def}}{=} \{ m' n' \mid m' n' \in I'' \wedge C_{11}\{F_{m'}\} \mapsto^* * \}$$

is cofinal, thus non-empty. So there exists $m' n' \in I''$ such that $C_{11}\{F_{m'}\} \mapsto^* *$, i.e. $E_0\{V\{F_{m'}\}\, e\} \mapsto^* *$. Hence, by (57), $V'\{F'_{n'}\}\, e'\, v'_0 \mapsto^* *$, from which $V'\{F'_\omega\}\, e'\, v'_0 \mapsto^* *$ follows by Lemma 3.23. The other direction is similar, completing the proof of (59). Thus we conclude that $(C\{F_\omega\}, C'\{F'_\omega\}) \in R_1 \to R_2$ as required, since $(e,e')$ and $(E_0\{\_{\tau_2}\}, v'_0)$ were arbitrary and using Lemma 3.7. □

For all source types $\tau \in \mathit{Type}_\rho$ we define an interpretation $[\![\tau]\!]'$ exactly as in Definition 5.5.

Definition 7.19 Define $\Phi : (\mathit{Radm}_\rho^{\mathrm{op}} \times \mathit{Radm}_\rho) \to \mathit{Radm}_\rho$ by

$$\Phi(R^-,R^+) = \{ (e,e') \in (\mathit{Exp}^{\rho}_{\rho}/{\approx}) \times (\mathit{Exp}^{\rho^*}_{\rho^*}/{\approx}) \mid$$
$$\qquad (e \Uparrow \wedge e' \Uparrow) \vee$$
$$\qquad (\exists v, v' : \vdash e \approx \mathit{in}\ v : \rho \wedge \vdash e' \approx \mathit{in}\ v' : \rho^* \wedge (v,v') \in [\![\tau_\rho]\!]'(R^-,R^+)) \}$$

Just like in Section 5 it is now easy to show that $\Phi$ is well-defined.

We define $\Psi : (\mathit{Radm}_\rho^{\mathrm{op}} \times \mathit{Radm}_\rho) \to (\mathit{Radm}_\rho^{\mathrm{op}} \times \mathit{Radm}_\rho)$ and as in Section 5 we get that $\Psi$ is well-defined and monotone, so that we can define $(\Delta^-,\Delta^+)$ as the least fixed point of $\Psi$. Moreover, Lemma 5.11 holds also now.

We write $(e,e') : R \subseteq R'$ for $\forall (e_1,e'_1) \in R : (e\, e_1, e'\, e'_1) \in R'$.

Lemma 7.20 For all $i \in \mathbb{N}$, for all $\tau \in \mathit{Type}_\rho$,

$$(\Pi^{\rho,i}_{\tau}, \Pi^{\rho^*,i}_{\tau^*}) : [\![\tau]\!]'(\Delta^+,\Delta^-) \subseteq [\![\tau]\!]'(\Delta^-,\Delta^+).$$


Proof By induction on $(i,\tau)$, ordered lexicographically. All the cases are as in the proof of Lemma 5.12, except the case for $\tau = \tau_1 \to \tau_2$, which we now consider. Then

$$[\![\tau]\!]'(\Delta^+,\Delta^-) = [\![\tau_1]\!]'(\Delta^-,\Delta^+) \to [\![\tau_2]\!]'(\Delta^+,\Delta^-)$$

and

$$[\![\tau]\!]'(\Delta^-,\Delta^+) = [\![\tau_1]\!]'(\Delta^+,\Delta^-) \to [\![\tau_2]\!]'(\Delta^-,\Delta^+).$$

Assume

$$(e,e') \in [\![\tau]\!]'(\Delta^+,\Delta^-).$$

We are to show that

$$(\Pi^{\rho,i}_{\tau_1 \to \tau_2}\, e,\ \Pi^{\rho^*,i}_{(\tau_1 \to \tau_2)^*}\, e') \in [\![\tau]\!]'(\Delta^-,\Delta^+).$$

By admissibility there are two cases to consider.

SubCase $e \Uparrow \wedge e' \Uparrow$: Easy.

SubCase $\vdash e \approx v : \tau \wedge \vdash e' \approx v' : \tau^*$ for some $(v,v') \in [\![\tau]\!]'(\Delta^+,\Delta^-)$: By definition of $\to$, we thus have

$$(e_1,e'_1) \in [\![\tau_1]\!]'(\Delta^-,\Delta^+) \Rightarrow (v\, e_1, v'\, e'_1) \in \Lambda^c_{\tau_2}([\![\tau_2]\!]'(\Delta^+,\Delta^-)) \qquad (60)$$

By two applications of Lemma 3.47 we get that

$$\vdash \Pi^{\rho,i}_{\tau_1 \to \tau_2}\, e \approx \lambda x{:}\tau_1.\,\Pi^{\rho,i}_{\tau_2}\,(v\,(\Pi^{\rho,i}_{\tau_1}\, x)) : \tau_1 \to \tau_2$$

$$\vdash \Pi^{\rho^*,i}_{(\tau_1 \to \tau_2)^*}\, e' \approx \lambda x{:}\tau_1^*.\,\Pi^{\rho^*,i}_{\overline{\tau_2}}\,(v'\,(\Pi^{\rho^*,i}_{\tau_1^*}\, x)) : \tau_1^* \to \overline{\tau_2}.$$

Assume

$$(e_1,e'_1) \in [\![\tau_1]\!]'(\Delta^+,\Delta^-).$$

It then suffices to show that

$$((\lambda x{:}\tau_1.\,\Pi^{\rho,i}_{\tau_2}\,(v\,(\Pi^{\rho,i}_{\tau_1}\, x)))\, e_1,\ (\lambda x{:}\tau_1^*.\,\Pi^{\rho^*,i}_{\overline{\tau_2}}\,(v'\,(\Pi^{\rho^*,i}_{\tau_1^*}\, x)))\, e'_1) \in \Lambda^c_{\tau_2}([\![\tau_2]\!]'(\Delta^-,\Delta^+)).$$

By admissibility there are two subcases to consider.

SubSubCase $e_1 \Uparrow \wedge e'_1 \Uparrow$: Easy.

SubSubCase $\vdash e_1 \approx v_1 : \tau_1 \wedge \vdash e'_1 \approx v'_1 : \tau_1^*$ for some $(v_1,v'_1) \in [\![\tau_1]\!]'(\Delta^+,\Delta^-)$: Then

$$\vdash (\lambda x{:}\tau_1.\,\Pi^{\rho,i}_{\tau_2}\,(v\,(\Pi^{\rho,i}_{\tau_1}\, x)))\, e_1 \approx \Pi^{\rho,i}_{\tau_2}\,(v\,(\Pi^{\rho,i}_{\tau_1}\, v_1)) : \tau_2$$

and

$$\vdash (\lambda x{:}\tau_1^*.\,\Pi^{\rho^*,i}_{\overline{\tau_2}}\,(v'\,(\Pi^{\rho^*,i}_{\tau_1^*}\, x)))\, e'_1 \approx \Pi^{\rho^*,i}_{\overline{\tau_2}}\,(v'\,(\Pi^{\rho^*,i}_{\tau_1^*}\, v'_1)) : \overline{\tau_2}.$$

By induction,

$$(\Pi^{\rho,i}_{\tau_1}\, v_1,\ \Pi^{\rho^*,i}_{\tau_1^*}\, v'_1) \in [\![\tau_1]\!]'(\Delta^-,\Delta^+).$$

Hence, by (60),

$$(v\,(\Pi^{\rho,i}_{\tau_1}\, v_1),\ v'\,(\Pi^{\rho^*,i}_{\tau_1^*}\, v'_1)) \in \Lambda^c_{\tau_2}([\![\tau_2]\!]'(\Delta^+,\Delta^-)).$$

By admissibility there are two cases to consider.

SubSubSubCase $v\,(\Pi^{\rho,i}_{\tau_1}\, v_1) \Uparrow \wedge v'\,(\Pi^{\rho^*,i}_{\tau_1^*}\, v'_1) \Uparrow$: Easy.

SubSubSubCase $\vdash v\,(\Pi^{\rho,i}_{\tau_1}\, v_1) \approx v_2 : \tau_2 \wedge \vdash v'\,(\Pi^{\rho^*,i}_{\tau_1^*}\, v'_1) \approx v'_2 : \overline{\tau_2}$ for some $(v_2,v'_2) \in \Lambda^c_{\tau_2}([\![\tau_2]\!]'(\Delta^+,\Delta^-))$: Then it suffices to show that

$$(\Pi^{\rho,i}_{\tau_2}\, v_2,\ \Pi^{\rho^*,i}_{\overline{\tau_2}}\, v'_2) \in \Lambda^c_{\tau_2}([\![\tau_2]\!]'(\Delta^-,\Delta^+)).$$

To this end, assume

$$(E_{10}\{\_{\tau_2}\}, v'_{10}) \in \Lambda^k_{\tau_2}([\![\tau_2]\!]'(\Delta^-,\Delta^+)). \qquad (61)$$

We are to show that

$$E_{10}\{\Pi^{\rho,i}_{\tau_2}\, v_2\} \simeq \Pi^{\rho^*,i}_{\overline{\tau_2}}\, v'_2\, v'_{10}.$$

Since

$$\vdash \Pi^{\rho^*,i}_{\overline{\tau_2}}\, v'_2\, v'_{10} \approx v'_2\,(\lambda x'{:}\tau_2^*.\, v'_{10}\,(\Pi^{\rho^*,i}_{\tau_2^*}\, x')) : 1$$

it suffices to show

$$E_{10}\{\Pi^{\rho,i}_{\tau_2}\, v_2\} \simeq v'_2\,(\lambda x'{:}\tau_2^*.\, v'_{10}\,(\Pi^{\rho^*,i}_{\tau_2^*}\, x')).$$

Hence it suffices to show that

$$(E_{10}\{\Pi^{\rho,i}_{\tau_2}\, \_{\tau_2}\},\ \lambda x'{:}\tau_2^*.\, v'_{10}\,(\Pi^{\rho^*,i}_{\tau_2^*}\, x')) \in \Lambda^k_{\tau_2}([\![\tau_2]\!]'(\Delta^+,\Delta^-))$$

(because then the above follows since $(v_2,v'_2) \in \Lambda^c_{\tau_2}([\![\tau_2]\!]'(\Delta^+,\Delta^-))$). To this end, assume

$$(e_{11},e'_{11}) \in [\![\tau_2]\!]'(\Delta^+,\Delta^-). \qquad (62)$$

We are to show that

$$E_{10}\{\Pi^{\rho,i}_{\tau_2}\, e_{11}\} \simeq (\lambda x'{:}\tau_2^*.\, v'_{10}\,(\Pi^{\rho^*,i}_{\tau_2^*}\, x'))\, e'_{11}.$$

Since

$$\vdash (\lambda x'{:}\tau_2^*.\, v'_{10}\,(\Pi^{\rho^*,i}_{\tau_2^*}\, x'))\, e'_{11} \approx v'_{10}\,(\Pi^{\rho^*,i}_{\tau_2^*}\, e'_{11}) : 1$$

it suffices to show

$$E_{10}\{\Pi^{\rho,i}_{\tau_2}\, e_{11}\} \simeq v'_{10}\,(\Pi^{\rho^*,i}_{\tau_2^*}\, e'_{11}). \qquad (63)$$

But by induction on (62),

$$(\Pi^{\rho,i}_{\tau_2}\, e_{11},\ \Pi^{\rho^*,i}_{\tau_2^*}\, e'_{11}) \in [\![\tau_2]\!]'(\Delta^-,\Delta^+),$$

so by assumption (61), the required (63) follows. □
Lemma 7.21 For all $i \in \mathbb{N}$, $(\pi^{\rho}_i, \pi^{\rho^*}_i) : \Delta^- \subset \Delta^+$.

Proof As the proof of Lemma 5.13. □

Lemma 7.22 $(\pi^{\rho}_\infty, \pi^{\rho^*}_\infty) : \Delta^- \subset \Delta^+$.

Proof As the proof of Lemma 5.14. □

As in Section 5, it now follows that $\Delta^- = \Delta^+$ and we can define $\Delta \stackrel{\mathrm{def}}{=} \Delta^+$.

Definition 7.23 For all source types $\tau \in \mathit{Type}_\rho$, we define

$$\Delta^e_\tau \stackrel{\mathrm{def}}{=} [\tau]'(\Delta, \Delta).$$

Definition 7.24 For all source types $\tau \in \mathit{Type}_\rho$, we define

$$\Delta^v_\tau \stackrel{\mathrm{def}}{=} \{\, (e, e') \in \Delta^e_\tau \mid e \Downarrow \wedge e' \Downarrow \,\}$$

$$\Delta^k_\tau \stackrel{\mathrm{def}}{=} \{\, (E\{\cdot{:}\tau\}, v') \in (\mathit{ECtx}_\tau/\!\cong) \times (\mathit{Val}_{\tau^* \to 1}/\!\cong) \mid v\ \Delta^v_\tau\ v'' \Rightarrow E\{v\} \cong_k v'\, v'' \,\}$$

$$\Delta^c_\tau \stackrel{\mathrm{def}}{=} \{\, (e, e') \in (\mathit{Exp}_\tau/\!\cong) \times (\mathit{Exp}_{(\tau^* \to 1) \to 1}/\!\cong) \mid (E\{\cdot{:}\tau\}, v') \in \Delta^k_\tau \Rightarrow E\{e\} \cong_k e'\, v' \,\}$$

Lemma 7.25 The above defined relations satisfy the conditions in Theorem 7.3.

Proof All the conditions, except the one for $\Delta^v_{\tau_1 \to \tau_2}$ and the completeness condition, are obvious from the above definitions. By definition of $\Delta^v_{\tau_1 \to \tau_2}$, we have that

$$v\ \Delta^v_{\tau_1 \to \tau_2}\ v' \iff (e_1\ \Delta^e_{\tau_1}\ e_1' \Rightarrow v\, e_1\ \Delta^c_{\tau_2}\ v'\, e_1'),$$

but it is easy to check, using the definition of $\Delta^c_{\tau_2}$, that

$$(e_1\ \Delta^e_{\tau_1}\ e_1' \Rightarrow v\, e_1\ \Delta^c_{\tau_2}\ v'\, e_1') \iff (v_1\ \Delta^v_{\tau_1}\ v_1' \Rightarrow v\, v_1\ \Delta^c_{\tau_2}\ v'\, v_1'),$$

which gives the required. The completeness condition for $\Delta^v_{\tau_1 \to \tau_2}$ follows by admissibility of $\Delta^e_{\tau_1 \to \tau_2}$ (using $I = \{(i, i) \mid i \in \mathbb{N}\}$ as the cofinal set) and the facts that $\mathsf{fix}\ f(x{:}\tau_1).e \Downarrow$ and $\mathsf{fix}\ f(x{:}\tau_1^*).e' \Downarrow$. □
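As an added worked check, not part of the paper, the equivalence that the proof of Lemma 7.25 calls "easy to check" can be spelled out from Definition 7.24. It assumes two facts used freely in the surrounding proofs: admissibility of $\Delta^e_{\tau_1}$ yields the usual case split (both sides diverge, or both converge to $\Delta^v_{\tau_1}$-related values), and under call-by-value evaluation an application with a divergent argument diverges, with $\cong_k$ relating any two divergent expressions; both are assumptions here, not statements taken from the text.

$$
\begin{array}{l}
(\Rightarrow)\ \Delta^v_{\tau_1} \subseteq \Delta^e_{\tau_1} \text{ by Definition 7.24, so instantiate the left-hand side with } e_1 := v_1,\ e_1' := v_1'.\\[4pt]
(\Leftarrow)\ \text{Let } (e_1, e_1') \in \Delta^e_{\tau_1}.\ \text{By admissibility (assumed case split) either}\\[2pt]
\quad e_1 \Uparrow \wedge e_1' \Uparrow:\ \text{for every } (E\{\cdot{:}\tau_2\}, k) \in \Delta^k_{\tau_2},\ E\{v\, e_1\} \Uparrow \text{ and } (v'\, e_1')\, k \Uparrow,\\
\qquad \text{so } E\{v\, e_1\} \cong_k (v'\, e_1')\, k \text{ (assumed: } \cong_k \text{ relates divergent expressions), i.e. } v\, e_1\ \Delta^c_{\tau_2}\ v'\, e_1';\\[2pt]
\quad \text{or } \vdash e_1 \cong v_1 : \tau_1 \wedge \vdash e_1' \cong v_1' : \tau_1^* \text{ with } (v_1, v_1') \in \Delta^v_{\tau_1}:\ \text{then } v\, e_1 \cong v\, v_1 \text{ and } v'\, e_1' \cong v'\, v_1',\\
\qquad v\, v_1\ \Delta^c_{\tau_2}\ v'\, v_1' \text{ by the right-hand side, and } \Delta^c_{\tau_2} \text{ is defined on } \cong\text{-classes, so } v\, e_1\ \Delta^c_{\tau_2}\ v'\, e_1'.
\end{array}
$$

The divergent case is where the value relation alone would not suffice: it is covered only because $\Delta^c_{\tau_2}$ is stated in terms of $\cong_k$ over whole continuation applications rather than over values.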

This  completes  the  construction  of  relations  for  CPS  correctness. 
8 Related Work

The construction of relations over recursive types hinges on a syntactic version of the minimal invariant property of the solution of a domain equation. The critical ingredient in the construction is Pitts's observation [17] that the existence of a relational interpretation can be reduced to minimal invariance, combined with the observation that this criterion can be stated and proved at a purely operational level. The proof of syntactic minimal invariance is a generalization of methods used by Mason, Smith, and Talcott [11] to a typed language with a recursive type. In addition to the applications given here this generalization sheds light on the need for "run-time type checks" in Mason, Smith, and Talcott's work — they arise here as compositions of recursive unrolling and case analysis on a disjoint union type, confirming Scott's observation that "untyped" really means "unityped".

The two applications of relational interpretations suggested here — analyzing contextual equivalence and proving correctness of the cps transformation — have been studied elsewhere using different methods. Pitts has emphasized the importance of a characterization of contextual equivalence for a language with streams as a bisimulation relation constructed as the maximal fixed point of a monotone operator on relations [16]. To apply this framework to specific examples Pitts relies on a lemma characterizing contextual equivalence of values of stream type. In our setting this lemma arises as a simple consequence of the definition of the logical equivalence relation for a recursive type, as outlined in Section 6. Several authors have considered the correctness of the cps transformation. Reynolds [20] gives a proof for an untyped functional language by working over a domain model given by an inverse limit construction. Meyer & Wand [12] give a somewhat different proof for the simply typed λ-calculus (without a recursive type). The proof given in Section 7 generalizes both of these to a typed language with a recursive type without appealing to a denotational semantics.


9 Conclusion

We have presented a method for constructing relational interpretations of recursive types in an operational setting. The key result is the syntactic minimal invariant property up to a suitable notion of operational equivalence. With this in hand we may define relational interpretations of types over operational equivalence classes of closed terms. Using this construction we give a relational characterization of experimental and contextual equivalence and derive a coinduction principle for establishing contextual equivalence. Taking the recursive type to be the type of infinite streams, the coinduction principle specializes to a principle corresponding to the one used by Pitts [16] in his theory of program equivalence based on bisimulation. Using our construction we further give a relational proof of correctness of cps conversion, generalizing Reynolds' proof to the typed setting.

The proof of correctness for the cps transformation that we give here does not appear to extend easily to a language with control operators such as call/cc [1, 10]. The reason is that we rely on a "uniformity" property of the evaluation relation which states that evaluation steps are parametric in the evaluation context — if $E\{e\} \mapsto E\{e'\}$, then $E'\{e\} \mapsto E'\{e'\}$ — that fails in the presence of call/cc. It is also unclear whether our proof can be extended to a language with mutable storage. One possible approach may be to consider a store-passing transformation in which the store is represented by a value of a recursive type, and then to apply the methods considered here to complete the proof of correspondence between the original program and its cps transformation.

The treatment of cps conversion given here invites generalization to an arbitrary syntactically-definable monad for the language. Filinski's dissertation [3] is a first step towards a general theory of representation of computational effects. Filinski's work suggests that one could give a fairly general correctness proof along the lines suggested here for a wide variety of definable effects.